Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-35835: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Microsoft Security Response Center
Open in Source
#sql#vulnerability#web#microsoft#rce#auth#Windows OLE#Security Vulnerability
CVE-2022-35834: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Google Buys Cyber Security Firm Mandiant for $5.4 Billion

By Waqas Mandiant will be integrated into the Google Cloud unit. This is a post from HackRead.com Read the original post: Google Buys Cyber Security Firm Mandiant for $5.4 Billion

CVE-2022-36174: Freshservice Release Notes - April 2022 | Freshworks Community

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

6 patch management best practices for businesses

Categories: Business Patching is a thorn in the side of many businesses today: Everything from keeping up with the volume of patches to prioritizing what needs to be patched first can cause major delays in a business's patching process. In this post, we’ll give you six patch management best practices for businesses. (Read more...) The post 6 patch management best practices for businesses appeared first on Malwarebytes Labs.

Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats

Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers.

Scammers Leveraging Microsoft Team GIFs in Phishing Attacks

By Deeba Ahmed Dubbed GIFShell; the technique allows attackers to create a reverse shell to facilitate malicious command delivery via base64-encoded GIFs in MS Teams. This is a post from HackRead.com Read the original post: Scammers Leveraging Microsoft Team GIFs in Phishing Attacks

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps (

Hackers Target Los Angeles School District With Ransomware

Plus: Albania cuts ties with Iran, claims of a TikTok data breach that didn’t happen, and much more.