πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24327 β€Ό

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.

πŸ“– Read

via "National Vulnerability Database".
163 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24332 β€Ό

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24329 β€Ό

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

πŸ“– Read

via "National Vulnerability Database".
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24331 β€Ό

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24346 β€Ό

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24337 β€Ό

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24328 β€Ό

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24330 β€Ό

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24333 β€Ό

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24343 β€Ό

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24336 β€Ό

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

πŸ“– Read

via "National Vulnerability Database".
167 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24344 β€Ό

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24335 β€Ό

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24342 β€Ό

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Top 5 Interview Questions to Ask DevOps Candidates in 2022 πŸ•΄

It's worthwhile to find candidates who have experience with models that embed security into their processes.

πŸ“– Read

via "Dark Reading".
Dark Reading
Top 5 Interview Questions to Ask DevOps Candidates in 2022
It's worthwhile to find candidates who have experience with models that embed security into their processes.
229 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
247 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers? ⚠

Calling all website coders: Y2K was then. V1H is now!

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ 6 Cyber-Defense Steps to Take Now to Protect Your Company ❌

Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.

πŸ“– Read

via "Threat Post".
Threat Post
6 Cyber-Defense Steps to Take Now to Protect Your Company
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 2/25 πŸ”

Ransomware hits the industrial sector, behind the scenes of stalkerware network, and more - catch up on the infosec news of the week with the Friday Five!

πŸ“– Read

via "".
Digital Guardian
Friday Five 2/25
Ransomware hits the industrial sector, behind the scenes of a stalkerware network, and more - catch up on the infosec news of the week with the Friday Five!
230 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38993 β€Ό

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Russia Sanctions May Spark Escalating Cyber Conflict β™ŸοΈ

President Biden joined European leaders this week in enacting economic sanctions against Russia in response its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.

πŸ“– Read

via "Krebs on Security".
Krebsonsecurity
Russia Sanctions May Spark Escalating Cyber Conflict
President Biden joined European leaders this week in enacting economic sanctions against Russia in response its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian…
264 views