πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26255 β€Ό

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.

πŸ“– Read

via "National Vulnerability Database".
201 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44213 β€Ό

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26258 β€Ό

D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp.

πŸ“– Read

via "National Vulnerability Database".
216 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-45490 β€Ό

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

πŸ“– Read

via "National Vulnerability Database".
228 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44211 β€Ό

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-26601 β€Ό

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.

πŸ“– Read

via "National Vulnerability Database".
285 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44210 β€Ό

OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.

πŸ“– Read

via "National Vulnerability Database".
333 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44209 β€Ό

OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.

πŸ“– Read

via "National Vulnerability Database".
397 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44212 β€Ό

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.

πŸ“– Read

via "National Vulnerability Database".
407 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27950 β€Ό

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

πŸ“– Read

via "National Vulnerability Database".
446 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang? ⚠

Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
396 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ FCC adds Kaspersky products to list of national security threats as Russian invasion of Ukraine continues πŸ—“οΈ

Russian antivirus vendor cited in expanded guidance

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
FCC adds Kaspersky products to list of national security threats as Russian invasion of Ukraine continues
Russian antivirus vendor cited in expanded guidance
365 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Security's Life Cycle Isn't the Developers' Life Cycle πŸ•΄

Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic or feasible.

πŸ“– Read

via "Dark Reading".
Dark Reading
Security's Life Cycle Isn't the Developers' Life Cycle
Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic or feasible.
275 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Google Chrome patches mysterious new zero-day bug – update now ⚠

CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
πŸ‘1
277 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23884 β€Ό

Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).

πŸ“– Read

via "National Vulnerability Database".
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23882 β€Ό

TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.

πŸ“– Read

via "National Vulnerability Database".
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46434 β€Ό

** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid.

πŸ“– Read

via "National Vulnerability Database".
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43725 β€Ό

There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.

πŸ“– Read

via "National Vulnerability Database".
283 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0342 β€Ό

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

πŸ“– Read

via "National Vulnerability Database".
318 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ ENISA urges data-handling innovation amid growing tide of healthcare breaches πŸ—“οΈ

Infosec agency sets out use cases for clinical trials, data exchange, and connected devices

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
ENISA urges data-handling innovation amid growing tide of healthcare breaches
Infosec agency sets out use cases for clinical trials, data exchange, and connected devices
331 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns – report πŸ—“οΈ

Enterprises need to be ready with β€˜battle-tested incident response procedures’ as zero-day exploitation ramps up

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns – report
Enterprises need to be ready with β€˜battle-tested incident response procedures’ as zero-day exploitation ramps up
348 views