🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-22720 ‼

Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered while discarding the request body, exposing the server to HTTP Request Smuggling.

📖 Read

via "National Vulnerability Database".
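The mechanism behind this class of bug, as an added illustration that is not Apache httpd code: on a keep-alive connection, a server that answers a request with an error but neither reads the body to its end nor closes the connection leaves the body bytes in the buffer, where they are parsed as the next request. Everything below is constructed: a toy HTTP/1.1 Content-Length parser, a made-up MAX_BODY limit standing in for whatever error path the real server hits while discarding a body, and the sample traffic.

```python
"""Added illustration: what happens on a keep-alive connection when a server
rejects a request but neither consumes its body nor closes the connection.
Toy HTTP/1.1 parser, not Apache httpd code; the trigger below (a body larger
than a constructed MAX_BODY limit) is an assumed stand-in for whatever error
path the real server hits while discarding a body."""

from typing import Dict, List, Tuple

MAX_BODY = 16  # constructed limit: bodies above this are rejected before being read


def parse_head(head: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Parse a request line plus headers (everything before the blank line)."""
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].decode("latin-1").split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def serve(stream: bytes, close_on_error: bool) -> List[Tuple[int, str, str]]:
    """Simulate one inbound connection carrying `stream`.

    Returns the requests the server believes it handled as
    (status, method, target). Only Content-Length bodies are modelled.
    """
    handled: List[Tuple[int, str, str]] = []
    buf = stream
    while buf:
        sep = buf.find(b"\r\n\r\n")
        if sep < 0:
            break  # incomplete head, wait for more bytes
        method, target, headers = parse_head(buf[:sep])
        body_start = sep + 4
        length = int(headers.get("content-length", "0"))

        if length > MAX_BODY:
            handled.append((413, method, target))  # error path: body must be discarded
            if close_on_error:
                return handled  # fixed behaviour: close, drop buffered bytes
            # buggy behaviour: error sent, connection kept, body never discarded,
            # so the body bytes are now parsed as the *next* request
            buf = buf[body_start:]
            continue

        if len(buf) - body_start < length:
            break  # body not fully received yet
        handled.append((200, method, target))
        buf = buf[body_start + length:]  # consume head and body, next request follows
    return handled


def build(method: str, target: str, body: bytes = b"") -> bytes:
    """Build a minimal HTTP/1.1 request with an accurate Content-Length."""
    head = (f"{method} {target} HTTP/1.1\r\n"
            f"Host: app.example\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


# Constructed traffic: a front-end proxy forwards a POST whose body is itself a
# complete request, followed by an unrelated request from another client
SMUGGLED = build("GET", "/admin")                   # hidden inside the POST body
STREAM = build("POST", "/upload", SMUGGLED) + build("GET", "/index.html")


if __name__ == "__main__":
    print("vulnerable:", serve(STREAM, close_on_error=False))
    # vulnerable: [(413, 'POST', '/upload'), (200, 'GET', '/admin'), (200, 'GET', '/index.html')]
    print("fixed:     ", serve(STREAM, close_on_error=True))
    # fixed:      [(413, 'POST', '/upload')]
```

The buggy run shows the smuggled GET /admin being handled as if it came from the front-end proxy, on a connection the proxy believes it owns; the fixed run closes the connection on the error path, which is the behaviour the advisory says 2.4.52 and earlier lacked.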
‼ CVE-2022-22719 ‼

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-23943 ‼

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker-provided data. This issue affects Apache HTTP Server 2.4.52 and earlier.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ β€˜Cybersecurity incident’ at Ubisoft disrupts operations, forces company-wide password reset πŸ—“οΈ

Lapsu$ threat actors have been linked to the cyber-attack

πŸ“– Read

via "The Daily Swig".
❌ Cybercrooks’ Political In-Fighting Threatens the West ❌

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.

📖 Read

via "Threat Post".
‼ CVE-2022-0941 ‼

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.

📖 Read

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2022-24385 ‼

A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects SmarterTools SmarterTrack 100.0.8019.14010.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24387 ‼

With administrator privileges, the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24386 ‼

Stored XSS in SmarterTools SmarterTrack. This issue affects SmarterTools SmarterTrack 100.0.8019.14010.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24384 ‼

Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects SmarterTools SmarterTrack 100.0.8019.14010.

📖 Read

via "National Vulnerability Database".
🕴 Governments Should Decide Who Gets to Buy Spyware 🕴

And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.

📖 Read

via "Dark Reading".
πŸ—“οΈ Data breach at US heart disease treatment center impacts 287,000 individuals πŸ—“οΈ

South Denver Cardiology Associates admits hack

πŸ“– Read

via "The Daily Swig".
‼ CVE-2022-0700 ‼

The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0165 ‼

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, which is available to both unauthenticated and authenticated users, leading to an open redirect.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0254 ‼

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.

📖 Read

via "National Vulnerability Database".
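Why order/orderby parameters are a recurring SQL injection source, as an added example that is not the plugin's code: column names and sort directions are identifiers and keywords, so prepared-statement placeholders cannot bind them, and the only safe pattern is mapping the request value onto an allowlist. The block below is a generic sqlite3 illustration with a constructed schema (a log table next to a users table holding a made-up password hash); it does not use WordPress's $wpdb or MySQL, and the blind probe it runs is constructed to show what an attacker gains from controlling ORDER BY.

```python
"""Added example: why ORDER BY parameters cannot be fixed with prepared
statements alone, and what a boolean-based probe against them looks like.
Generic sqlite3 illustration with a constructed schema; it is not the plugin's
code and does not use WordPress's $wpdb or MySQL."""

import sqlite3
from typing import Callable, List, Optional, Tuple

Row = Tuple[int, str]
QueryFn = Callable[[sqlite3.Connection, str, str], List[Row]]

# Allowlists map the *request* value to the *SQL* identifier; anything else falls back
ALLOWED_ORDERBY = {"id": "id", "date": "created_at", "ip": "ip_address"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}


def setup() -> sqlite3.Connection:
    """Constructed schema standing in for a plugin log table next to the users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE log(id INTEGER PRIMARY KEY, ip_address TEXT, created_at TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO log VALUES (1, '203.0.113.5', '2022-03-01'),
                               (2, '198.51.100.7', '2022-03-02');
        INSERT INTO users VALUES (1, 'admin', '$P$constructed_hash');
        """
    )
    return conn


def query_vulnerable(conn: sqlite3.Connection, orderby: str, order: str) -> List[Row]:
    """The bug class: request parameters concatenated straight into ORDER BY.
    Placeholders would not help here; identifiers and keywords cannot be bound."""
    sql = f"SELECT id, ip_address FROM log ORDER BY {orderby} {order}"
    return conn.execute(sql).fetchall()


def query_hardened(conn: sqlite3.Connection, orderby: str, order: str) -> List[Row]:
    """Same query, but user input only selects from an allowlist and never reaches the SQL."""
    column = ALLOWED_ORDERBY.get(orderby, "id")
    direction = ALLOWED_ORDER.get(order.lower(), "DESC")
    sql = f"SELECT id, ip_address FROM log ORDER BY {column} {direction}"
    return conn.execute(sql).fetchall()


def oracle_payload(guess: str) -> str:
    """Constructed blind probe: sort by id when the guess is right, by ip_address otherwise,
    so the row order leaks one character of the admin password hash per query."""
    return (
        "(CASE WHEN (SELECT substr(user_pass, 1, 1) FROM users WHERE user_login = 'admin')"
        f" = '{guess}' THEN id ELSE ip_address END)"
    )


def leak_first_char(conn: sqlite3.Connection, query: QueryFn,
                    alphabet: str = "0123456789abcdef$P") -> Optional[str]:
    """Drive the oracle through `query`. Returns the leaked character, or None when
    the ordering never changes, i.e. the input never reached the SQL."""
    id_order = query(conn, "id", "ASC")
    hits = [ch for ch in alphabet if query(conn, oracle_payload(ch), "ASC") == id_order]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    db = setup()
    print("vulnerable leaks:", leak_first_char(db, query_vulnerable))  # '$'
    print("hardened leaks:  ", leak_first_char(db, query_hardened))    # None
```

Against the concatenating query, a single probe per candidate character recovers the first byte of the stored hash from nothing but the order of the returned rows; extending the probe to later offsets is the same loop. Against the allowlisted query, every probe collapses to the default ordering and the attacker learns nothing. Note that the hardened version also lower-cases and defaults the direction, so a value like `DESC; --` never reaches the statement.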
‼ CVE-2022-0478 ‼

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-25006 ‼

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0147 ‼

The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0701 ‼

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0593 ‼

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated users to remotely delete the plugin files, leading to a potential Denial of Service situation.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0703 ‼

The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".