Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack

April 28, 2022

Read Time:27 Second

A team of researchers found two vulnerabilities in Microsoft’s Azure PostgreSQL Flexible Server that when chained together allowed them to access the PostgreSQL databases of other cloud tenants. The attack, dubbed ExtraReplica because it abused functionality related to database replication, combines a privilege escalation vulnerability that gave them the ability to execute code inside the container hosting their own database and another authentication bypass issue that allowed them to abuse the system’s replication service to access other users’ databases.

To read this article in full, please click here

RansomHouse ransomware: what you need to know

Slopsquatting

The AI Fix #46: AI can read minds now, and is your co-host a clone?

North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers

Compliance Now Biggest Cyber Challenge for UK Financial Services

Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI

Organizations Found to Address Only 21% of GenAI-Related Vulnerabilities

LabHost Phishing Mastermind Sentenced to 8.5 Years

Closing the Gap: How to Build a Consistent Exposure and Vulnerability Management Workflow