🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-25326 ‼

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24594 ‼

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.

📖 Read

via "National Vulnerability Database".
🕴 Putting the X Factor in XDR 🕴

While extended detection and response (XDR) is effectively considered an upgrade from endpoint detection and response, enterprises must still begin with a strong EDR foundation.

📖 Read

via "Dark Reading".
🕴 The Future of Cyber Insurance 🕴

Having cyber insurance is a good idea if the costs make sense — it could be the difference between going out of business and staying afloat. But it shouldn't be your first course of action.

📖 Read

via "Dark Reading".
‼ CVE-2022-25374 ‼

HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.

📖 Read

via "National Vulnerability Database".
🗓️ Flurry Finance heist nets crypto thieves $295k 🗓️

Theft topped out at six figures after DeFi platform blocked ‘token balance multiplier’ exploit

📖 Read

via "The Daily Swig".
‼ CVE-2022-24334 ‼

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24338 ‼

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24340 ‼

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24345 ‼

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24339 ‼

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24347 ‼

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24327 ‼

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24332 ‼

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24329 ‼

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24331 ‼

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24346 ‼

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24337 ‼

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24328 ‼

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24330 ‼

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24333 ‼

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

📖 Read

via "National Vulnerability Database".