🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Incognia Introduces New Location Identity Fraud Detection Tools 🕴

Modules include Location Spoofing Detection, Global Mobile Address Validation, and Trusted Device Intelligence.

via "Dark Reading".
Utah Set to Pass U.S.'s Next Data Privacy Bill

Utah looks like it will become the fourth U.S. state, after California, Virginia, and Colorado, to pass comprehensive consumer privacy legislation.

via "".
❌ Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’ ❌

DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.

via "Threat Post".
‼ CVE-2022-25488 ‼

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.

via "National Vulnerability Database".
‼ CVE-2022-25497 ‼

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

via "National Vulnerability Database".
‼ CVE-2021-45848 ‼

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

via "National Vulnerability Database".
‼ CVE-2022-25494 ‼

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.

via "National Vulnerability Database".
‼ CVE-2022-25485 ‼

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.

via "National Vulnerability Database".
‼ CVE-2022-25486 ‼

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

via "National Vulnerability Database".
‼ CVE-2022-25492 ‼

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.

via "National Vulnerability Database".
‼ CVE-2022-25491 ‼

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.

via "National Vulnerability Database".
‼ CVE-2022-25489 ‼

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.

via "National Vulnerability Database".
‼ CVE-2022-25498 ‼

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.

via "National Vulnerability Database".
‼ CVE-2022-25490 ‼

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.

via "National Vulnerability Database".
‼ CVE-2022-25495 ‼

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.

via "National Vulnerability Database".
‼ CVE-2022-25493 ‼

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.

via "National Vulnerability Database".
‼ CVE-2022-25487 ‼

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.

via "National Vulnerability Database".
🕴 Mobile App Developers Leave Behind 2,100 Open Databases 🕴

A simple request to the VirusTotal scanning service reveals thousands of mobile-application databases left open to the public by developers in a three-month period.

via "Dark Reading".
🕴 NAS Vendor Says Several of Its Products Likely Contain Linux 'Dirty Pipe' Flaw 🕴

QNAP's disclosure this week is the latest reminder of the potentially wide impact of the privilege escalation flaw in the Linux kernel.

via "Dark Reading".
‼ CVE-2021-29134 ‼

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

via "National Vulnerability Database".
‼ CVE-2022-23989 ‼

In Stormshield Network Security (SNS) 3.7.6 through 3.7.24, 3.11.1 through 3.11.12, 4.2.1 through 4.2.9, and 4.3.0 through 4.3.4, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.

via "National Vulnerability Database".