Research: Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL
Tenant isolation is a fundamental premise of the cloud. Organizations trust that the cloud services they use, especially high value assets such as databases, are isolated from other customers. Wiz Research has discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server. Dubbed #ExtraReplica,
Research: ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough
This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.
Research: How we broke the cloud with two lines of code: the full story of ChaosDB
A summary and recording of Wiz's talk at BlackHat Europe 2022: the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.
Research: ChaosDB: How we hacked thousands of Azure customers’ databases
As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB.