πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 4/8 πŸ”

The takedown of a darknet powerhouse, cybercriminals getting more creative, how the most common insider cyber threats may not be quite what you suspect, and more – catch up on this week’s news with the Friday Five!

πŸ“– Read

via "".
Digital Guardian
Friday Five 4/8
The takedown of a darknet powerhouse, cybercriminals getting more creative, how the most common insider cyber threats may not be quite what you suspect, and more – catch up on this week’s news with the Friday Five!
333 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46437 β€Ό

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

πŸ“– Read

via "National Vulnerability Database".
316 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46436 β€Ό

An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.

πŸ“– Read

via "National Vulnerability Database".
325 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Security Nihilism Is Putting Your Company β€” and Its Employees β€” at Risk πŸ•΄

Some enterprise security tactics can backfire, pitting IT and security teams against the employees they’re trying to protect.

πŸ“– Read

via "Dark Reading".
Dark Reading
Security Nihilism Is Putting Your Company β€” and Its Employees β€” at Risk
Some enterprise security tactics can backfire, pitting IT and security teams against the employees they’re trying to protect.
299 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46367 β€Ό

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.

πŸ“– Read

via "National Vulnerability Database".
286 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24229 β€Ό

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.

πŸ“– Read

via "National Vulnerability Database".
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Third member of FIN7 cybercrime gang jailed over card skimming scheme πŸ—“οΈ

US authorities sentence pen tester to five years in prison

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Third member of FIN7 cybercrime gang jailed over card skimming scheme
US authorities sentence pen tester to five years in prison
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ ByteChek Founder AJ Yawn Brings Discipline to Everything He Does πŸ•΄

Security Pro File: The former Army captain, whose security startup is on an upward trajectory, works hard to "make compliance suck less."

πŸ“– Read

via "Dark Reading".
Dark Reading
ByteChek Founder AJ Yawn Brings Discipline to Everything He Does
Security Pro File: The former Army captain, whose security startup is on an upward trajectory, works hard to "make compliance suck less."
270 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] ⚠

Latest episode - listen now! Cybersecurity news and advice in plain English.

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
Latest episode – listen now! Cybersecurity news and advice in plain English.
272 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now! ⚠

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.

πŸ“– Read

via "Naked Security".
Naked Security
Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!
A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Google Play Bitten by Sharkbot Info-stealer β€˜AV Solution’ ❌

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.

πŸ“– Read

via "Threat Post".
Threat Post
Google Play Bitten by Sharkbot Info-stealer β€˜AV Solution’
Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.
276 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-41715 β€Ό

libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.

πŸ“– Read

via "National Vulnerability Database".
248 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27044 β€Ό

libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.

πŸ“– Read

via "National Vulnerability Database".
257 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27046 β€Ό

libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.

πŸ“– Read

via "National Vulnerability Database".
281 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  OpenSSH 9.0p1 πŸ› 

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
OpenSSH 9.0p1 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
πŸ‘1
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40656 β€Ό

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22339 β€Ό

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.

πŸ“– Read

via "National Vulnerability Database".
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27148 β€Ό

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27147 β€Ό

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.

πŸ“– Read

via "National Vulnerability Database".
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27047 β€Ό

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27146 β€Ό

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.

πŸ“– Read

via "National Vulnerability Database".
187 views