🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-44226 ‼

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22819 ‼

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-25267 ‼

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-25041 ‼

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-20094 ‼

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-20096 ‼

Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27254 ‼

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-25268 ‼

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-25266 ‼

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-20093 ‼

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27192 ‼

The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0315 ‼

Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Flash loan attack on One Ring protocol nets crypto-thief $1.4 million πŸ—“οΈ

Price manipulation of LP tokens ejected OShare tokens from protocol

πŸ“– Read

via "The Daily Swig".
‼ CVE-2022-0145 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1061 ‼

Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.

📖 Read

via "National Vulnerability Database".
❌ Top 3 Attack Trends in API Security – Podcast ❌

Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

📖 Read

via "Threat Post".
❌ Microsoft Help Files Disguise Vidar Malware ❌

Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.

📖 Read

via "Threat Post".
❌ Tax-Season Scammers Spoof Fintechs, Including Stash, Public ❌

Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.

📖 Read

via "Threat Post".
πŸ—“οΈ FBI Most Wanted Russian national accused of running dark web marketplace πŸ—“οΈ

The 23-year-old has been indicted for operating a successful carding ring

πŸ“– Read

via "The Daily Swig".
⚠ S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
🕴 What the Conti Ransomware Group Data Leak Tells Us 🕴

Knowing the inner workings of Conti will not only help ransomware negotiators but also help organizations to better handle a ransomware attack when it happens.

📖 Read

via "Dark Reading".