๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.9K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.9K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24838 โ€ผ

The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.

๐Ÿ“– Read

via "National Vulnerability Database".
221 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25036 โ€ผ

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldnรƒยขรขโ€šยฌรขโ€žยขt have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.

๐Ÿ“– Read

via "National Vulnerability Database".
220 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-0240 โ€ผ

mruby is vulnerable to NULL Pointer Dereference

๐Ÿ“– Read

via "National Vulnerability Database".
230 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25037 โ€ผ

The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected siteรขโ‚ฌโ„ขs database (e.g., usernames and hashed passwords).

๐Ÿ“– Read

via "National Vulnerability Database".
246 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25046 โ€ผ

The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.

๐Ÿ“– Read

via "National Vulnerability Database".
264 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3862 โ€ผ

icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

๐Ÿ“– Read

via "National Vulnerability Database".
303 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25067 โ€ผ

The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.

๐Ÿ“– Read

via "National Vulnerability Database".
310 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25065 โ€ผ

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

๐Ÿ“– Read

via "National Vulnerability Database".
327 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-0256 โ€ผ

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

๐Ÿ“– Read

via "National Vulnerability Database".
335 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-0257 โ€ผ

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

๐Ÿ“– Read

via "National Vulnerability Database".
346 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-0258 โ€ผ

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

๐Ÿ“– Read

via "National Vulnerability Database".
375 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ—“๏ธ Celebrations over REvil ransomware arrests in Russia may be premature ๐Ÿ—“๏ธ

โ€˜Itโ€™s not clear whether the developers or lower-level criminals were arrestedโ€™, threat intel experts tell The Daily Swig

๐Ÿ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Celebrations over REvil ransomware arrests in Russia may be premature
โ€˜Itโ€™s not clear whether the developers or lower-level criminals were arrestedโ€™, security experts tell The Daily Swig
431 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-38965 โ€ผ

IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.

๐Ÿ“– Read

via "National Vulnerability Database".
502 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-33040 โ€ผ

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.

๐Ÿ“– Read

via "National Vulnerability Database".
517 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-22703 โ€ผ

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

๐Ÿ“– Read

via "National Vulnerability Database".
503 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-0245 โ€ผ

Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.

๐Ÿ“– Read

via "National Vulnerability Database".
474 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-44757 โ€ผ

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

๐Ÿ“– Read

via "National Vulnerability Database".
471 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ—“๏ธ Researchers discover โ€˜extremely easyโ€™ 2FA bypass in Box cloud management software ๐Ÿ—“๏ธ

Breaking the Box

๐Ÿ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers discover โ€˜extremely easyโ€™ 2FA bypass in Box cloud management software
Breaking the Box
416 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โŒ Organizations Face a โ€˜Losing Battleโ€™ Against Vulnerabilities โŒ

Companies must take more โ€˜innovative and proactiveโ€™ approaches to security in 2022 to combat threats that emerged last year, researchers said.

๐Ÿ“– Read

via "Threat Post".
Threat Post
Organizations Face a โ€˜Losing Battleโ€™ Against Vulnerabilities
Companies must take more โ€˜innovative and proactiveโ€™ approaches to security in 2022 to combat threats that emerged last year, researchers said.
336 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด 5 Reasons Why M&A Is the Engine Driving Cybersecurity ๐Ÿ•ด

Consistent acquisition of key technologies and talent is a proven strategy for growth.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
5 Reasons Why M&A Is the Engine Driving Cybersecurity
Consistent acquisition of key technologies and talent is a proven strategy for growth.
261 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด How to Avoid Putting Data At Risk During the Great Resignation ๐Ÿ•ด

Never before have companies offboarded employees at this pace, making it more likely that some processes, from protecting data to revoking the employee's access, will slip through the cracks.

๐Ÿ“– Read

via "Dark Reading".
247 views