June 1, 2022
Hello, and welcome to Protocol Enterprise! Today: an in-depth look at what security researchers believe is a “concerning” pattern of severe security flaws within Microsoft Azure, Capital One is now a SaaS company, and why sanctions won’t stop ransomware.
One of the biggest hacks of all time happened last summer, and the world barely noticed.
In August 2021, hackers broke into a widely used database service on Microsoft’s Azure public cloud platform. They reported gaining access to databases in thousands of customer environments, or tenants, including those of numerous Fortune 500 companies. This was possible because the cloud runs on shared infrastructure — and as it turns out, that can uncover some shared risks that cloud providers thought were solved problems.
Including ChaosDB, five of the critical vulnerabilities demonstrated the possibility of breaching large numbers of different cloud environments, or tenants, in one fell swoop. A cross-tenant flaw like ChaosDB is “the most severe vulnerability that could be found in a cloud service provider,” said Shir Tamari, head of Research at Wiz.
First contacted over a week ago to discuss the reporting in this story, Microsoft declined to make a representative available to comment on the record.
Other researchers and analysts told Protocol they don’t think these findings point to any weakness in Microsoft’s approach to securing its Azure services as compared to AWS or Google Cloud.
You’ve probably noticed Capital One talking up its cloud expertise over the years and wondered: You’re a bank, right?
Now we know a little more about its plans. The credit card behemoth launched a business software division today called Capital One Software. Its first product? Cloud data management software designed to work with Snowflake.
It’s called Capital One Slingshot, and it’s designed to help customers manage current cloud costs, predict future costs and automate data governance. Of course, these are things Capital One has had to do internally for years since it loudly moved to AWS in 2015.
While creating a new business line selling software may be risky, it is a way for Capital One to create new revenue streams from what it’s already built and to take advantage of existing sales connections through its enterprise customers and its Snowflake partnership.
Plus, it has hundreds of engineers building tech used internally already. When Protocol spoke earlier this year with Mike Eason, the company’s senior vice president of CIO Enterprise Data and Machine Learning, he said his team alone included 1,800 engineers and technology staff.
What could be next? Well, Capital One has made a point of talking up its machine-learning capabilities. And Eason’s team? It’s been developing a self-service data pipeline and platform with tools for in-house staff to access data to build and train machine-learning models.
That internal ML platform just might be ripe to package and sell, too. — Kate Kaye
In comments that've been much-discussed in the cybersecurity community, NSA official Rob Joyce has reportedly suggested several times that western sanctions against Russia have constrained ransomware in 2022. But it'll take more than just sanctions to make a serious dent in ransomware attacks coming out of Russia, former CISA director Chris Krebs told me this week.
It's true that sanctions have likely made it more difficult for ransomware gangs to move the funds that they've extracted from victims, Krebs said. But at the same time, "there's no question that ransomware is still very, very active," he said, pointing to incidents such as Costa Rica's declaration of a state of emergency following an attack by the Russia-linked ransomware group Conti.
"There's plenty of evidence that cybercriminals have not felt the pain necessary" to halt their attacks, said Krebs, who served as the first director of the U.S. Cybersecurity and Infrastructure Security Agency and is now a founding partner at cybersecurity consulting firm Krebs Stamos Group. "Somehow, it's still profitable for them."
Beyond financial factors, the large number of vulnerable systems and the safe haven for the groups in Russia are other key enablers for ransomware to keep in mind, he said. To curtail ransomware attacks in a major way, Krebs told me, "I think it's going to require all three of those things to change in some fashion."
Canadian icon Tim Hortons, the coffee and donut shop of the Great White North, collected data on its app’s users, even when the app wasn’t in use. Sounds bad, eh?
Oracle said it has received regulatory approval to acquire Cerner, but the deal won’t be official until Cerner shareholders sign off, which Oracle expects to happen next week.
Intel acquired Codeplay Software, a Scottish company working on open-source programming models, for an undisclosed amount.
Microsoft Active Directory users suffered through hours of login and notification delays after something went wrong just days after Microsoft rebranded the group as Entra.
Thanks for reading — see you tomorrow!