Protecting against #ChaosDB

Cloud security researchers @sagitz and @nirohfeld who both work at Wiz recently discovered what I think is a major vulnerability that exploits the recent CosmosDB Jupyter notebook feature to escalate access into other customer notebooks, harvest the CosmosDB keys and access their data!! This vulnerability has been tagged “#ChaosDB”. Microsoft has since disabled this feature and notified customers— https://www.theregister.com/2021/08/27/chaos_db_azure_cosmos_flaw/. So […]