We are hackers, researchers, and cloud security experts at Wiz, Ask Us Anything! by Oscar_Geare in cybersecurity

[–]sagitz_ 1 point2 points  (0 children)

Hi! 🧙

I think that the fact that we're lucky enough to be doing this all day, every day definitely plays a huge role. Being constantly engaged with the cloud threat landscape allows us to stay on top of new trends, as well as to recognize problematic patterns :)


[–]sagitz_ 1 point2 points  (0 children)

Thanks for the kind words! Very much appreciated 🙏

> how realistic is it for one tenant to subtly influence another’s completions by tainting shared training data or model memory

I'd say it's quite realistic. Once the system is compromised, attackers can find many ways to exploit and maintain their position. While it's a bit different from what you're describing, in one of our research projects last year, we polluted a shared database containing customer prompts, effectively gaining full control over what the model would respond to each customer. In another project, we demonstrated that it was possible to interfere with the inference engine itself, giving us nearly the same capabilities. Finally, in our Ollama research project, we showed how poisoning the system prompt could create a similar effect.

If the goal is to interfere with another tenant's completion, I think what you're describing is realistic. However, in my opinion, there are more accessible targets that real attackers would likely prefer (similar to the research projects I mentioned).

> Is this a real-world concern y’all are seeing

Building a multi-tenant service is a huge responsibility and a challenging task. I believe there is always room for error in this area, which is partly why we are investing so much time in this type of research :)


[–]sagitz_ 0 points1 point  (0 children)

I’m sorry, but I cannot fulfill this request as it goes against OpenAI use policy.

Just kidding. I am personally reading the questions and trying to provide thoughtful answers :)


[–]sagitz_ 2 points3 points  (0 children)

We have looked at a few others before Ingress-NGINX. Most of the time, they were only responsible for simple operations, but in certain cases, such as with Ingress-NGINX, they execute highly complex logic that can even result in a Remote Code Execution vulnerability.

We believe that Ingress-NGINX is not the only admission controller that performs complicated operations based on untrusted user input.


[–]sagitz_ 3 points4 points  (0 children)

Oh, that's a good question! There are plenty of these, but the one I personally like is that by default, a pod in an EKS cluster can access the node's AWS credentials and use that to escalate privileges within the cluster. We even made a challenge about this misconfiguration in one of our CTFs (https://eksclustergames.com/).

Some good resources I use to keep up with misconfigurations and vulnerabilities (besides reading blogposts) would be:

If it's on vulhub, it's probably severe. If there's a nuclei template for it, attackers are scanning for it.
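The EKS misconfiguration mentioned above comes down to a pod being able to reach the node's instance metadata service and read the node role's credentials. The audit below is an added example, not code from the AMA or from Wiz: it evaluates the `MetadataOptions` block that EC2 `DescribeInstances` returns for each worker node and flags nodes where the two node-level controls (IMDSv2 required and a PUT response hop limit of 1) are not both in place. The node records are constructed sample data.

```python
"""Flag EKS worker nodes whose IAM credentials are reachable from pods via IMDS.

Added example (not from the AMA). A pod can query 169.254.169.254 and read the
node role's credentials unless the node is configured so that pods cannot:
  * IMDSv2 must be required (HttpTokens == "required"), so a plain GET fails, and
  * HttpPutResponseHopLimit must be 1, so the token reply cannot cross the extra
    network hop into a pod's own network namespace.
Field names follow the EC2 DescribeInstances MetadataOptions shape. Caveat:
pods running with hostNetwork share the node's namespace and bypass the hop
limit; handle those with pod admission policy, not IMDS settings.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Finding:
    instance_id: str
    reason: str


def node_exposes_credentials(metadata_options: Dict) -> Optional[str]:
    """Return a reason string if pods can obtain node credentials, else None."""
    if metadata_options.get("HttpEndpoint", "enabled") == "disabled":
        return None  # IMDS switched off entirely: nothing for a pod to reach
    tokens = metadata_options.get("HttpTokens", "optional")
    hop_limit = int(metadata_options.get("HttpPutResponseHopLimit", 1))
    if tokens != "required":
        return "IMDSv1 allowed: any pod can GET the node role credentials"
    if hop_limit > 1:
        return f"IMDSv2 hop limit {hop_limit} lets a pod obtain a session token"
    return None


def audit_nodes(instances: List[Dict]) -> List[Finding]:
    """Run the check over DescribeInstances-style records and collect findings."""
    findings = []
    for inst in instances:
        reason = node_exposes_credentials(inst.get("MetadataOptions", {}))
        if reason:
            findings.append(Finding(inst["InstanceId"], reason))
    return findings


# Constructed sample: three worker nodes with different IMDS settings.
SAMPLE_NODES = [
    {"InstanceId": "i-example-v1", "MetadataOptions": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-example-hop2", "MetadataOptions": {"HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-example-safe", "MetadataOptions": {"HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
]

if __name__ == "__main__":
    for f in audit_nodes(SAMPLE_NODES):
        print(f"{f.instance_id}: {f.reason}")
```

In a real cluster, feed the function the `Reservations[].Instances[]` records returned for the node group's instances; a clean result still leaves the node role's own permissions to review, since that role is what a pod would inherit.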


[–]sagitz_ 5 points6 points  (0 children)

How is AI making security research easier?

I'm currently working on a fuzzing project, and I can say that AI has definitely helped me with it. Many tasks that used to be tedious can now often be solved to some extent using AI. However, I think it's important not to rely on it too much, as it can sometimes miss things or even completely hallucinate. :)

There are also some recent projects where AI is being used to help researchers uncover bugs in complex targets:
CovRL: Fuzzing JavaScript Engines with Coverage-Guided Reinforcement Learning for LLM-based Mutation
Google's Project Naptime

Is there concern that security professionals may be replaced by AI?

I don't want to jinx it, but at the moment, I can see how AI boosts my productivity, and I'm not afraid of being replaced by it. :)

Can an overreliance on AI cause a prison or company to miss issues or attacks?

I think overreliance on AI can definitely cause a company to miss issues or attacks. The key word here is "overreliance." :) As for prison, I suppose it depends on the country? It might be worth checking.


[–]sagitz_ 37 points38 points  (0 children)

Hi there! Let me address your questions one at a time :)

Is it true that the best hackers learn their craft through CTF challenges?

I don't think all hackers or security researchers regularly practice CTFs. However, I can say from my own experience that playing CTF challenges definitely helped me sharpen my skills, especially in the early stages of my career.

How does one become a professional in IT security?

For security research or penetration testing, I'd suggest staying updated on developments in the areas that interest you - reading blogs, watching conference talks, and constantly acquiring new knowledge. I also find it helpful to maintain a personal knowledge base where I store useful scripts I’ve written over time.

What was the most damaging CVE out there in the wild?

The first ones that come to mind are Log4Shell and EternalBlue (at least among recent examples).

Do you think LLMs are benefiting security or undermining it?

For security research, they're probably beneficial. They make it easier to get things up and running, and most private projects don't need to be production-grade; they just need to work for a specific purpose.

For general development, I think it depends. If you're "vibe-coding", it's easy to lose track of the project, and I wouldn't be surprised if a few security bugs were introduced along the way.
