Connect with us

Tech

Researchers, cybersecurity agency urge action by Microsoft cloud database users | Saltwire – SaltWire NS

Published

 on


By Joseph Menn

(Reuters) – Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp’s Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

As first reported by Reuters https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers’ databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

“Our investigation shows no unauthorized access other than the researcher activity,” Microsoft wrote. “Notifications have been sent to all customers that could be potentially affected due to researcher activity,” it said, perhaps referring to the chance that the technique had leaked from Wiz.

“Though no customer data was accessed, it is recommended you regenerate your primary read-write keys,” it said.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.

“CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,” the agency said https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance.

Experts at Wiz, founded by four veterans of Azure’s in-house security team, agreed.

“In my estimation, it’s really hard for them, if not impossible, to completely rule out that someone used this before,” said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.

Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.

“We expanded our search beyond the researcher’s activities to look for all possible activity for current and similar events in the past,” said spokesman Ross Richendrfer, declining to address other questions.

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.

“It’s terrifying. I really hope than no one besides us found this bug,” said one of the lead researchers on the project at Wiz, Sagi Tzadik.

(Reporting by Joseph Menn in San Francisco; Editing by Richard Chang)

Adblock test (Why?)



Source link

Continue Reading

Tech

Use the new Google Illustrations tool to create a custom Gmail profile picture – XDA Developers

Published

 on


If you use any of Google’s services, which we’re pretty sure most if not all of you do, you would be aware of the small avatar that’s displayed next to your name on Google’s homepage and other services. This is also the avatar that shows up next to your name when you email someone. It probably shows an old profile picture for most people that they set up back when Google+ was still a thing. But Google wants you to change it, and the company has released a new Illustrations tool to help you create a custom Gmail profile picture.

google illustrations tool

As per a recent report from 9to5Google, the Google Illustration tool is baked into the dialog box that appears when you select the option to change your profile picture in the Gmail app. It sits along with the options to upload a new image from your computer, choose an existing photo from Google Photos, or click a photo from your camera. As of now, the feature is rolling out on Gmail for Android, and you can try it out by tapping the avatar icon on the top right corner of the app.

You will then have to select the Illustrations tab to see hundreds of illustrations that you can use as your profile picture. This is a helpful feature for those who do not wish to reveal their identity online or make their photographs public. If you have privacy concerns with uploading your picture online but do not wish to see just your initials as your avatar, you should try out the Google Illustrations tool right away.

Google IllustrationsGoogle Illustrations

The avatar you set up will be used across all of Google’s services like Gmail, Drive, YouTube, Contacts, etc. If you want to look for illustrations related to a specific topic, you can search using relevant keywords. You can even customize the illustrations and switch out the background color to something that you prefer. In the coming months, Google plans to expand support for the Illustrations tool to other apps and iOS devices.

Adblock test (Why?)



Source link

Continue Reading

Tech

New Pokémon Legends: Arceus trailer highlights character customization, Wardens, Noble Pokémon, more – Nintendo Wire

Published

 on


Out of the blue a new trailer for Pokémon Legends: Arceus has dropped, and it’s full of new info, from character customization to a brand-new evolution for Scyther – Kleavor!

Check it out below:
 
[embedded content]
 
Pokémon Legends: Arceus launches January 22nd, 2022.
 

Written by Tom Brown

Whether it’s an exciting new entry in a series long established or a weird experiment meant only for the dedicated, Tom is eager to report on it. Rest assured, if Nintendo ever announces Elite Beat Agents 2, he’ll be there.

Tom Brown

Adblock test (Why?)



Source link

Continue Reading

Tech

Alberta doctors raise alarm on specialist staff shortages in intensive care wards – Saanich News

Published

 on


The Alberta Medical Association says the province’s high COVID-19 numbers are behind a desperate shortage of specialized staff to care for critical care patients.

“The demand for (intensive care unit) nurses is currently so high that we need to increase the number of patients assigned to each nurse,” the medical association said in a public letter Monday.

“This reduction in staffing ratio is well below our normal standard of care. This will jeopardize the quality of ICU care that we are able to provide.”

The letter was signed by members of the group’s intensive care section.

Alberta’s hospitals and intensive care wards are overwhelmed by critical care patients, most of them stricken with COVID-19. The overwhelming majority are either unvaccinated or partially vaccinated.

Alberta Health Services has been briefing doctors on criteria to use should the health system collapse and they have to make on-the-spot decisions on who gets life-saving care.

Last week, Dr. Paul Parks, the medical association’s head of emergency medicine, said the staffing shortage is affecting care in other ways. Parks said some critical care patients are not being put on available ventilators because there aren’t enough nurses to monitor them.

Kerry Williamson with Alberta Health Services says while typical ICU care is one nurse per patient, an alternative model, known as a hub, is being used to adapt to the pandemic while ensuring care is delivered.

Each hub includes one or two trained intensive care nurses and two to four registered nurses.

“This model partners registered nurses from other areas with existing trained ICU (nurses) to expand the availability of the critical-care nursing skill set to more patients,” said Williamson in an email.

“ICU patients are never cared for by nurses alone. Whole teams work with nurses in ICU, including respiratory therapists and many others. “

In recent weeks, the province has scrambled to create more ad hoc intensive care beds, effectively more than doubling the normal total of 173 to accommodate 312 patients currently receiving critical care.

Staff have been reassigned, forcing mass cancellations of surgeries, including cancer procedures.

Alberta has asked the federal government for help, and the Canadian Armed Forces has said it will respond with eight more intensive care nurses and air transport to take critically ill patients to other provinces.

Almost two weeks ago, Alberta reintroduced gathering restrictions and brought in proof of vaccination requirements for entry to restaurants, bars, casinos, concerts and gyms to try to reduce spread of the virus.

Daily case counts remain well over one thousand and a growing number of doctors and infectious disease specialists are calling for a “firebreak” lockdown, which would include a shutdown of schools, businesses and other activities.

Alberta Premier Jason Kenney, in a weekend radio interview, rejected a lockdown. He said it would make “no sense for the 80 per cent of the population that is vaccinated” and who are much less likely to transmit the disease and be hospitalized.

Alberta has lagged behind other provinces in vaccination. Kenney and his United Conservative government have been trying to persuade more people to get their shots by offering $1-million prize draws, other gifts and, more recently, $100 debit cards.

About 73 per cent of eligible Albertans, those 12 and over, are fully vaccinated, while 82 per cent have had at least one shot.

Opposition NDP Leader Rachel Notley said it’s time to partner with community groups and health-care professionals to go door to door and help those who are not vaccinated due to health or work concerns or a language barrier.

Those groups could be “having conversations and offering Alberta vaccines right there on people’s doorsteps,” Notley said in Calgary.

—Dean Bennett, The Canadian Press

RELATED: ‘Removing the gift of life’: COVID-19 wave pushing back organ transplants

RELATED: Tensions high between vaccinated and unvaccinated in Canada, poll suggests

CoronavirusHealth

Adblock test (Why?)



Source link

Continue Reading

Trending