all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Add to bookmarks
Oct. 3, 2023, 4:30 p.m. | Microsoft Threat Intelligence

Microsoft Security Blog www.microsoft.com

Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance. The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment to gain access and elevated permissions to a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM). The attackers then used the acquired elevated permission to attempt to move laterally to additional cloud resources by abusing the server’s cloud identity.


The …

access application attack attackers cloud defending environment exploited injection instance lateral movement microsoft microsoft security microsoft sql microsoft sql server permissions researchers security security researchers server sql sql injection sql server target threat threat actors vulnerability

Visit resource

More from www.microsoft.com / Microsoft Security Blog

Security above all else—expanding Microsoft’s Secure Future Initiative 2 days, 2 hours ago | www.microsoft.com
blog cyberthreat driving future +8
Microsoft introduces passkeys for consumer accounts 3 days, 4 hours ago | www.microsoft.com
accounts blog consumer microsoft +7
Microsoft named overall leader in KuppingerCole Leadership Compass for ITDR 3 days, 19 hours ago | www.microsoft.com
and response capabilities compass detection +22
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials 1 week, 6 days ago | www.microsoft.com
blizzard compromise credentials cve +20
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters 2 weeks, 4 days ago | www.microsoft.com
access attack attackers blog +17
How Microsoft discovers and mitigates evolving attacks against AI guardrails 3 weeks, 3 days ago | www.microsoft.com
address attacks blog guardrails +8
Explore Microsoft’s AI innovations at RSA Conference 2024 1 month ago | www.microsoft.com
ai innovations blog conference event +12
Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview 1 month ago | www.microsoft.com
can center comprehensive approach cybersecurity +14
​​Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, … 1 month, 1 week ago | www.microsoft.com
amp and response center defender +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com

Cryptography Software Developer

@ Intel | USA - AZ - Chandler
View on infosec-jobs.com

Lead Consultant, Geology

@ WSP | Richmond, VA, United States
View on infosec-jobs.com

BISO Cybersecurity Director

@ ABM Industries | Alpharetta, GA, United States
View on infosec-jobs.com
View more jobs