πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28719 β€Ό

Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.

πŸ“– Read

via "National Vulnerability Database".
420 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29817 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

πŸ“– Read

via "National Vulnerability Database".
358 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29812 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient

πŸ“– Read

via "National Vulnerability Database".
326 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29811 β€Ό

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.

πŸ“– Read

via "National Vulnerability Database".
294 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29813 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

πŸ“– Read

via "National Vulnerability Database".
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33436 β€Ό

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.

πŸ“– Read

via "National Vulnerability Database".
218 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29815 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

πŸ“– Read

via "National Vulnerability Database".
193 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29816 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

πŸ“– Read

via "National Vulnerability Database".
184 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29814 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

πŸ“– Read

via "National Vulnerability Database".
191 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29821 β€Ό

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible

πŸ“– Read

via "National Vulnerability Database".
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29818 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

πŸ“– Read

via "National Vulnerability Database".
193 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29819 β€Ό

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29820 β€Ό

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

πŸ“– Read

via "National Vulnerability Database".
212 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1509 β€Ό

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

πŸ“– Read

via "National Vulnerability Database".
229 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ A Peek into Visa's AI Tools Against Fraud πŸ•΄

Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.

πŸ“– Read

via "Dark Reading".
Dark Reading
A Peek into Visa's AI Tools Against Fraud
Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.
254 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Ransomware Survey 2022 – like the Curate’s Egg, β€œgood in parts” ⚠

You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!

πŸ“– Read

via "Naked Security".
Naked Security
Ransomware Survey 2022 – like the Curate’s Egg, β€œgood in parts”
You might not like the headline statistics in this year’s ransomware report… but that makes it even more important to take a look!
275 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Cyberattacks Rage in Ukraine, Support Military Operations ❌

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.

πŸ“– Read

via "Threat Post".
Threat Post
Cyberattacks Rage in Ukraine, Support Military Operations
At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.
694 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Attacker Breach β€˜Dozens’ of GitHub Repos Using Stolen OAuth Tokens ❌

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.

πŸ“– Read

via "Threat Post".
Threat Post
Attacker Breach β€˜Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.
303 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
Latest episode – listen now!
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Socket: New tool takes a proactive approach to prevent OSS supply chain attacks πŸ—“οΈ

Signal detector aims to help developers to stay ahead of threats

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Socket: New tool takes a proactive approach to prevent OSS supply chain attacks
Signal detector aims to help developers to stay ahead of threats
246 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29152 β€Ό

The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.

πŸ“– Read

via "National Vulnerability Database".
234 views