🛑 Cybersecurity & Privacy 🛑 - News
26.1K subscribers
89.3K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-46033 ‼

In ForestBlog, as of 2021-12-28, File upload can bypass verification.

📖 Read

via "National Vulnerability Database".
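The CVE entry above says only that ForestBlog's upload verification can be bypassed, not how. As an added example that is not ForestBlog's code, the block below contrasts the kind of check that the usual bypasses defeat (trusting the client's filename suffix or Content-Type) with a check that allowlists extensions, verifies the file's leading bytes against that extension and discards the client-supplied name. The extension allowlist, the sample PNG and PHP payloads and the directory of test names are constructed for illustration.

```python
# Added example (not ForestBlog code): a bypassable upload check next to a
# hardened one. Allowlist, magic bytes and sample payloads are assumptions.
import os
import secrets

# Allowlisted image types: extension -> accepted leading bytes ("magic").
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Constructed sample contents: a PNG signature plus filler, and a PHP file.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php echo 'hello'; ?>"


def check_upload_weak(filename: str, content_type: str) -> bool:
    """A bypassable check: trusts the client's filename suffix and Content-Type.

    Defeated by a forged Content-Type, by a NUL byte inside the name (other
    components truncate at it), or by an allowed suffix on non-image bytes.
    """
    allowed_suffixes = tuple("." + ext for ext in MAGIC)
    return content_type.startswith("image/") or filename.lower().endswith(allowed_suffixes)


def check_upload(filename: str, data: bytes) -> str:
    """Validate an upload and return the server-chosen name to store it under.

    Raises ValueError on rejection. The client name is used only to pick the
    extension, after path separators are stripped and control characters are
    refused; the stored name is random, so the client never controls it.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name in (".", "..") or any(ord(c) < 0x20 for c in name):
        raise ValueError("rejected: bad filename")
    if "." not in name:
        raise ValueError("rejected: no extension")
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in MAGIC:
        raise ValueError(f"rejected: extension .{ext} not allowed")
    if not any(data.startswith(magic) for magic in MAGIC[ext]):
        raise ValueError("rejected: content does not match extension")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around check_upload for side-by-side comparison."""
    try:
        check_upload(filename, data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    cases = [
        ("shell.php", "image/png", PHP_SAMPLE),           # forged Content-Type
        ("shell.php\x00.png", "text/plain", PHP_SAMPLE),  # NUL-byte truncation
        ("shell.png", "image/png", PHP_SAMPLE),           # wrong content for suffix
        ("../../photo.png", "image/png", PNG_SAMPLE),     # traversal in the name
    ]
    for fname, ctype, body in cases:
        print(repr(fname), "weak:", check_upload_weak(fname, ctype),
              "hardened:", is_accepted(fname, body))
```

The weak check accepts all four names; the hardened one accepts only the real PNG, and stores it under a random name so the `../../` prefix never reaches the filesystem. Magic-byte checks are not a complete content validator (polyglot files exist), so the stored object should also be served with a fixed Content-Type and never from a location that executes scripts.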
⚠ Tax scam emails are alive and well as US tax season starts ⚠

If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)

📖 Read

via "Naked Security".
🕴 Striking a Balance Between Cybersecurity Awareness and Anxiety 🕴

Employees don't have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.

📖 Read

via "Dark Reading".
🕴 8 Security Startups to Watch in 2022 🕴

Cloud security, API security, and incident response are among the issues up-and-coming security companies are working on.

📖 Read

via "Dark Reading".
❌ New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks ❌

A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a new macOS backdoor that researchers dubbed DazzleSpy.

📖 Read

via "Threat Post".
‼ CVE-2022-0351 ‼

Access of Memory Location Before Start of Buffer in Conda vim prior to 8.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39031 ‼

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 213875.

📖 Read

via "National Vulnerability Database".
❌ Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra's Internet ❌

Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.

📖 Read

via "Threat Post".
❌ Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin ❌

A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.

📖 Read

via "Threat Post".
❌ Segway Hit by Magecart Attack Hiding in a Favicon ❌

Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.

📖 Read

via "Threat Post".
‼ CVE-2022-0333 ‼

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23020 ‼

On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-45729 ‼

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23009 ‼

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0332 ‼

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22789 ‼

Charactell - FormStorm Enterprise account takeover: an attacker can modify (add, remove and update) the passwords file for all users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing the existing password in the file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23024 ‼

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-4133 ‼

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23011 ‼

On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23026 ‼

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23019 ‼

On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

📖 Read

via "National Vulnerability Database".