Connect with us

Reuters

Researchers, cybersecurity agency urge action by Microsoft cloud database users

Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp’s Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

Published

on

A Microsoft logo is pictured on a store in the Manhattan borough of New York City, New York, U.S., January 25, 2021. REUTERS/Carlo Allegri

Aug 28 (Reuters) – Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp’s (MSFT.O) Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

As first reported by Reuters, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records. read more

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers’ databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

“Our investigation shows no unauthorized access other than the researcher activity,” Microsoft wrote. “Notifications have been sent to all customers that could be potentially affected due to researcher activity,” it said, perhaps referring to the chance that the technique had leaked from Wiz.

“Though no customer data was accessed, it is recommended you regenerate your primary read-write keys,” it said.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.

“CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,” the agency said.

Experts at Wiz, founded by four veterans of Azure’s in-house security team, agreed.

“In my estimation, it’s really hard for them, if not impossible, to completely rule out that someone used this before,” said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.

Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.

“We expanded our search beyond the researcher’s activities to look for all possible activity for current and similar events in the past,” said spokesman Ross Richendrfer, declining to address other questions.

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.

“It’s terrifying. I really hope than no one besides us found this bug,” said one of the lead researchers on the project at Wiz, Sagi Tzadik.

Reporting by Joseph Menn in San Francisco; Editing by Richard Chang

Our Standards: The Thomson Reuters Trust Principles.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers’ databases, then notified some users Thursday to change their keys.

Source: https://www.reuters.com/technology/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-2021-08-28/

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Reuters

Evergrande EV unit shares jump after chairman signals business shift

Shares in China Evergrande Group’s electric vehicles (EV) unit <0708.HK> rose on Monday as the embattled property developer moved to prioritise the growth of its nascent EV business over its troubled core real estate operations.

Published

on

A traffic light is seen near the headquarters of China Evergrande Group in Shenzhen, Guangdong province, China September 26, 2021. REUTERS/Aly Song/File Photo

HONG KONG, Oct 25 (Reuters) – Shares in China Evergrande Group’s electric vehicles (EV) unit <0708.HK> rose on Monday as the embattled property developer moved to prioritise the growth of its nascent EV business over its troubled core real estate operations.

Evergrande (3333.HK) , reeling under more than $300 billion in liabilities, averted a costly default last week with a last-minute bond coupon payment, buying it more time to head off a looming debt crunch with its next major payment deadline on Friday. read more

An announcement by its chairman, Hui Ka Yan, reported by state media on Friday, that it would make its new electric vehicle venture its primary business, instead of property, within 10 years, cheered investors on Monday.

Evergrande rose as much as 6% during the session before closing down 0.7%. China Evergrande New Energy Vehicle Group Ltd (0708.HK)rose 11.4%. The benchmark Heng Seng Index (.HSI) was flat.

Raymond Cheng, CGS-CIMB Securities’ head of China research, said the business shift makes sense given Beijing’s growing support for EVs and its increased tightening of the frothy real estate sector.

“This is the best outcome, if it just focuses on existing developments and maintains the operation,” Cheng said.

While the move would help Evergrande deleverage by gradually scaling down its massive undeveloped land holdings, Cheng said it was unclear how it would affect the company’s planned disposals including stakes in the EV unit.

Evergrande’s new vehicle business, founded in 2019, has yet to reveal a production model or sell a single vehicle. Last month, the unit warned it was still seeking new investors and asset sales, and that without either it might struggle to pay salaries and cover other expenses.

Hui expects property sales will slow to about 200 billion yuan ($31.31 billion) per year within the 10-year period, compared to more than 700 billion yuan last year, China’s Securities Times reported on Friday.

NEXT HURDLES

News late last week that Evergrande had averted a default by securing $83.5 million for the last-minute payment of interest on a bond has lifted confidence the company may be able to avoid a messy collapse that would have significant ramifications for global financial markets.

On Monday, sources told Reuters some bondholders had received coupon payments they were owed last week, which suggested debt problems were being addressed.

Evergrande next needs to find $47.5 million by Friday and has nearly $338 million in other offshore coupon payments coming up in November and December.

Broader concerns about China’s real estate sector, which accounts for a quarter of gross domestic product, still loom large for investors and policymakers in the world’s second-largest economy.

Developer Modern Land (1107.HK) has a $250 million bond maturing on Monday. It said last week it ended an attempt to seek bondholder approval to extend the maturity date of the notes by three months, citing liquidity issues.

Calls to Modern Land’s investor relations office were not answered when Reuters sought comment on whether the payment has been made.

As liquidity concerns in the sector grow, property firms with large dollar-denominated debts will meet with the National Development and Reform Commission in Beijing on Tuesday to report their total issuance volume and repayment capability, a source with direct knowledge of the matter said.

Media outlet Cailianshe first reported the meeting earlier on Monday.

Separately, Evergrande said on Sunday work had resumed on more than 10 projects in six cities including Shenzhen. Many of its projects had been halted due to payments owed to suppliers and contractors. read more

Also lifting general confidence, state media outlet Xinhua in an article on Monday said the spillover effect of Chinese real estate companies’ debt default risks to the financial industry would be controllable. read more

The report follows comments from senior officials including Vice Premier Liu He and central bank governor Yi Gang last week, who also said property companies were facing debt default issues because of poor management and a failure to adjust to market changes. read more

Reporting by Clare Jim and Donny Kwok in Hong Kong, Andrew Galbraith in Shanghai, Jing Xu in Beijing; editing by Richard, Pullin, Sam Holmes and Christian Schmollinger

Our Standards: The Thomson Reuters Trust Principles.

read more

Source: https://www.reuters.com/business/evergrande-ev-unit-shares-set-jump-after-chairman-signals-business-shift-2021-10-25/

Continue Reading

Reuters

China faces challenges from ‘mismanagement’ at certain firms, says PBOC head

China’s economy is “doing well”, but faces challenges such as default risks for certain firms due to “mismanagement”, the People’s Bank of China Governor Yi Gang said on Sunday.

Published

on

Governor of People’s Bank of China (PBOC) Yi Gang attends a news conference on China’s economic development ahead of the 70th anniversary of its founding, in Beijing, China September 24, 2019. REUTERS/Florence Lo/File Photo

  • China will be vigilant to avoid systematic risk – Yi Gang
  • Beijing will prioritise protection of consumers, home-buyers
  • China’s recovery trajectory remains unchanged – Yi Gang
  • PBOC will focus on retail, domestic use of digital yuan

Oct 17 (Reuters) – China’s economy is “doing well”, but faces challenges such as default risks for certain firms due to “mismanagement”, the People’s Bank of China Governor Yi Gang said on Sunday.

Concerns have grown in recent weeks over the possible collapse of property developer China Evergrande Group (3333.HK), which has more than $300 billion in liabilities and has missed three rounds of interest payments on its dollar bonds.

As the company wrestles with its debt, worries about a possible spillover of credit risk from China’s property sector into the broader economy have intensified. read more

Yi Gang said default risks for some firms and operational difficulties of small and mid-sized banks are among the challenges for China’s economy, and that authorities are keeping a close eye “so they do not become systematic risks”.

While growth has moderated due to a sporadic rise in coronavirus infections, China’s economy is expected to grow 8% this year, Yi said at an online meeting of the Group of 30 International Banking Seminar, which coincides with the annual meetings of the International Monetary Fund and World Bank.

Authorities will first try to prevent problems at Evergrande from spreading to other real estate companies to avoid a broader systematic risk, he added.

The rumbling crisis at Evergrande and other major homebuilders drove debt market risk premiums on weaker Chinese firms to a record high last week and triggered a fresh round of credit rating downgrades. read more

“The interest of creditors and shareholders will be fully respected strictly in accordance to law,” Yi said. “The law has clearly indicated the seniority of liabilities.”

Authorities will give the highest priority to the protection of consumers and home buyers, while respecting the rights of creditors and shareholders, he said.

The PBOC was taking various steps to fend off financial risks, such as replenishing capital for small and midsize banks, Yi Gang said.

The world’s second-largest economy has staged an impressive rebound from the pandemic but there are signs the recovery is losing steam.

“Economic growth has been slowed down a little bit, but the trajectory of economic recovery remains unchanged,” he said.

On the development of digital yuan, Yi Gang said the PBOC will focus on its domestic and retail use as cross-border and international usage was “a little bit complicated” due to requirements over issues such as money laundering.

“We will closely cooperate with the central bank community,” he said, adding that using digital yuan as a tool to promote China’s Belt and Road initiative was “not our priority at this point”.

Reporting by Leika Kihara in Tokyo; Editing by Jan Harvey

Our Standards: The Thomson Reuters Trust Principles.

Source: https://www.reuters.com/world/china/china-faces-challenges-mismanagement-certain-firms-says-pboc-head-2021-10-17/

Continue Reading

Reuters

Lenovo stock drops 17% after withdrawing Shanghai listing application

Lenovo Group Ltd saw its stock fall more than 17% on Monday, its biggest intraday decline in over a decade, after the Chinese technology giant withdrew its application for a 10 billion yuan ($1.55 billion) share listing in Shanghai.

Published

on

An employee gestures next to a Lenovo logo at Lenovo Tech World in Beijing, China November 15, 2019. REUTERS/Jason Lee

SHANGHAI, Oct 11 (Reuters) – Lenovo Group Ltd (0992.HK) saw its stock fall more than 17% on Monday, its biggest intraday decline in over a decade, after the Chinese technology giant withdrew its application for a 10 billion yuan ($1.55 billion) share listing in Shanghai.

The world’s biggest personal computer maker on Friday said it would withdraw its application, days after it had been accepted by Shanghai’s STAR Market. read more

On Sunday, Lenovo said it had done so because of the possibility of the validity of financial information in its prospectus lapsing during the application’s vetting. It did not detail reasons why the information may no longer be valid.

It also cited “relevant capital market conditions such as the latest circumstances in connection with the listing.”

“The group’s business operations are in good condition as usual. The withdrawal of the application is not expected to give rise to any adverse impact on the financial positions of the group,” Hong Kong-listed Lenovo said in the Sunday statement.

($1 = 6.4368 Chinese yuan renminbi)

Reporting by Brenda Goh and Jason Xue; Editing by Christopher Cushing

Our Standards: The Thomson Reuters Trust Principles.

On Sunday, Lenovo said it had done so because of the possibility of the validity of financial information in its prospectus lapsing during the application’s vetting. It did not detail reasons why the information may no longer be valid.

Source: https://www.reuters.com/technology/lenovo-stock-drops-17-after-withdrawing-shanghai-listing-application-2021-10-11/

Continue Reading

Trending