πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0708 β€Ό

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44568 β€Ό

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.

πŸ“– Read

via "National Vulnerability Database".
241 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27796 β€Ό

A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow an authenticated attacker within the restricted shell environment (rbash) as either the Ò€œuserҀ� or Ò€œfactoryҀ� account, to read the contents of any file on the filesystem utilizing one of a few available binaries.

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25599 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23983 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27755 β€Ό

"Sametime Android potential path traversal vulnerability when using File class"

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27797 β€Ό

Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system.

πŸ“– Read

via "National Vulnerability Database".
205 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-26256 β€Ό

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).

πŸ“– Read

via "National Vulnerability Database".
212 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27753 β€Ό

"Sametime Android PathTraversal Vulnerability"

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24295 β€Ό

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44141 β€Ό

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

πŸ“– Read

via "National Vulnerability Database".
251 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0564 β€Ό

A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.

πŸ“– Read

via "National Vulnerability Database".
305 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23984 β€Ό

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).

πŸ“– Read

via "National Vulnerability Database".
327 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22308 β€Ό

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.

πŸ“– Read

via "National Vulnerability Database".
373 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-4115 β€Ό

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
400 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24564 β€Ό

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.

πŸ“– Read

via "National Vulnerability Database".
409 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0676 β€Ό

Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4.

πŸ“– Read

via "National Vulnerability Database".
467 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ NFT Investors Lose $1.7M in OpenSea Phishing Attack ❌

Attackers took advantage of a smart-contract migration to swindle 17 users.

πŸ“– Read

via "Threat Post".
Threat Post
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Attackers took advantage of a smart-contract migration to swindle 17 users.
666 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency πŸ—“οΈ

Researcher nets $250,000 for β€˜potentially market-nuking’ vulnerability

πŸ“– Read

via "The Daily Swig".
πŸ”₯3πŸ‘1
483 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Hidden Costs of a Data Breach πŸ•΄

Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security β€” even human life.

πŸ“– Read

via "Dark Reading".
Dark Reading
Hidden Costs of a Data Breach
Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security β€” even human life.
439 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ AirTag clone bypassed Apple’s tracking-protection features, claims researcher πŸ—“οΈ

Third-party app allegedly outperforms Find My service by detecting the DIY device

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
AirTag clone bypassed Apple’s tracking-protection features, claims researcher
Third-party app allegedly outperforms Find My service by detecting the DIY device
πŸ‘1
403 views