πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43774 β€Ό

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords.

πŸ“– Read

via "National Vulnerability Database".
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0753 β€Ό

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.

πŸ“– Read

via "National Vulnerability Database".
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0841 β€Ό

OS Command Injection in GitHub repository ljharb/npm-lockfile prior to v2.0.5.

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22706 β€Ό

An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function.

πŸ“– Read

via "National Vulnerability Database".
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-45819 β€Ό

Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25031 β€Ό

Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.

πŸ“– Read

via "National Vulnerability Database".
284 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Attivo Expands Active Directory Protection from Unmanaged Devices, Including Mac, Linux, IoT/OT πŸ•΄

Attivo Networks ADSecure-DC solution joins the company’s existing suite of Active Directory protection products.

πŸ“– Read

via "Dark Reading".
Dark Reading
Attivo Expands Active Directory Protection from Unmanaged Devices, Including Mac, Linux, IoT/OT
Attivo Networks ADSecure-DC solution joins the company’s existing suite of Active Directory protection products.
304 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 8-Character Passwords Can Be Cracked in Less than 60 Minutes πŸ•΄

Researchers say passwords with less than seven characters can be hacked "instantly."

πŸ“– Read

via "Dark Reading".
Dark Reading
8-Character Passwords Can Be Cracked in Less than 60 Minutes
Researchers say passwords with less than seven characters can be hacked "instantly."
338 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Google WAF bypassed via oversized POST requests πŸ—“οΈ

Security research highlights web application firewall security risk

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google WAF bypassed via oversized POST requests
Security research highlights web application firewall security risk
πŸ‘1
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26128 β€Ό

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

πŸ“– Read

via "National Vulnerability Database".
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26126 β€Ό

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

πŸ“– Read

via "National Vulnerability Database".
247 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26125 β€Ό

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26129 β€Ό

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.

πŸ“– Read

via "National Vulnerability Database".
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-25138 β€Ό

Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26127 β€Ό

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.

πŸ“– Read

via "National Vulnerability Database".
285 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” OCR Urges Organizations to Secure Health Information in 2022 πŸ”

The Director of HHS OCR called on healthcare organizations this week to strengthen their cyber posture in 2022.

πŸ“– Read

via "".
Digital Guardian
OCR Urges Organizations to Secure Health Information in 2022
The Director of HHS OCR called on healthcare organizations this week to strengthen their cyber posture in 2022.
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cybersecurity Mesh Architecture: Hope or Hype? πŸ•΄

Gartner has touted CSMA as one of the top technology trends for this year. But what is it really?

πŸ“– Read

via "Dark Reading".
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3620 β€Ό

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

πŸ“– Read

via "National Vulnerability Database".
229 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3602 β€Ό

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

πŸ“– Read

via "National Vulnerability Database".
200 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23899 β€Ό

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0492 β€Ό

A vulnerability was found in the Linux kernelÒ€ℒs cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

πŸ“– Read

via "National Vulnerability Database".
179 views