“The inadvertent error has existed on the Internet since 2020” – Kommersant FM
[ad_1]
Kommersant FM columnist Alexander Levi talks about who and how discovered the vulnerability, due to which 38 terabytes of the corporation’s data were publicly available.
Microsoft artificial intelligence researchers accidentally opened up access to 38 TB of corporate data. This volume of confidential information included passwords to services, secret keys, over 30 thousand internal Microsoft Teams messages from hundreds of company employees, personal information and backup copies of personal computers of Redmond team employees.
The vulnerability was discovered by Wiz, a startup that specializes in cloud computing security. In the process of its research on the problems of accidental data disclosure, the startup reached an open source repository on GitHub, owned by one of the Microsoft divisions.
This repository contained artificial intelligence models for image recognition, which were accessible via a link. And it was precisely in the URL settings that the vulnerability was contained.
Microsoft employees granted rights not only to read and download specific files, but to the entire repository account, which led to the disclosure of additional information.
The inadvertent error, which granted full control rights, has existed on the Internet since 2020, the authors of the discovery told TechCrunch. According to them, anyone who knew where to look could potentially remove, replace, and introduce malicious content at will.
Representatives from the Microsoft Security Response Center have assured that no customer data was exposed and no other internal services were at risk due to this issue.
I will add: they are also trying to eliminate the human factor in security matters with the help of artificial intelligence. According to a report from the specialized resource GitNux, by 2025 the global AI market in the field of cybersecurity will exceed $38 billion. And by the end of this year, half of the organizations will be actively using the mentioned tools.
[ad_2]
Source link
