MDATP DarkGate False Positives
Oct. 5, 2023, 12:38 p.m. | /u/DocOfTheSOC
cybersecurity www.reddit.com
Has anyone else seen MDATP flagging cmd.exe as DarkGate malware on SQL servers? The file hashes come back clean and there are no events to indicate potential compromise. I know they recently posted an article on a new attack vector for lateral movement from SQL servers to cloud. So maybe the detection rules are still being tweaked. [https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/](https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/)
Would just like to confirm we aren't the only ones seeing this.