πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29585 β€Ό

In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).

πŸ“– Read

via "National Vulnerability Database".
219 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22427 β€Ό

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.

πŸ“– Read

via "National Vulnerability Database".
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine πŸ•΄

Six Russian state-backed threat actors have lunched 237 cyberattacks on Ukraine's infrastructure, new research from MIcrosoft shows.

πŸ“– Read

via "Dark Reading".
Dark Reading
Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine
Six Russian state-backed threat actors have lunched 237 cyberattacks on Ukraine's infrastructure, new research from MIcrosoft shows.
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” The Most Exploited Vulnerabilities of 2021 πŸ”

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities say these vulnerabilities were targeted the most by hackers last year.

πŸ“– Read

via "".
Digital Guardian
The Most Exploited Vulnerabilities of 2021
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities say these vulnerabilities were targeted the most by hackers last year.
281 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Capital One Ventures, Snowflake Ventures, Verizon Ventures, and Wipro Ventures Join Securonix $1B+ Growth Investment as Strategic Investors πŸ•΄

Blue Chip Companies Deepen Commitment Based on Success of Long-Standing Customer and Partner Relationships and Conviction of Securonix’s Vision and Hypergrowth Potential

πŸ“– Read

via "Dark Reading".
276 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ IT Teams Worry Staff Lack Cloud-Specific Skills πŸ•΄

Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.

πŸ“– Read

via "Dark Reading".
Dark Reading
IT Teams Worry Staff Lack Cloud-Specific Skills
Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.
265 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL πŸ•΄

Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.

πŸ“– Read

via "Dark Reading".
Dark Reading
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29555 β€Ό

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.

πŸ“– Read

via "National Vulnerability Database".
209 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29081 β€Ό

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24449 β€Ό

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.

πŸ“– Read

via "National Vulnerability Database".
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28477 β€Ό

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).

πŸ“– Read

via "National Vulnerability Database".
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28454 β€Ό

Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).

πŸ“– Read

via "National Vulnerability Database".
229 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24898 β€Ό

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.

πŸ“– Read

via "National Vulnerability Database".
305 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28060 β€Ό

SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.

πŸ“– Read

via "National Vulnerability Database".
311 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29556 β€Ό

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.

πŸ“– Read

via "National Vulnerability Database".
334 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29904 β€Ό

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

πŸ“– Read

via "National Vulnerability Database".
309 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29907 β€Ό

The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages.

πŸ“– Read

via "National Vulnerability Database".
322 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29905 β€Ό

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.

πŸ“– Read

via "National Vulnerability Database".
340 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29906 β€Ό

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.

πŸ“– Read

via "National Vulnerability Database".
343 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29903 β€Ό

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.

πŸ“– Read

via "National Vulnerability Database".
365 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1531 β€Ό

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.

πŸ“– Read

via "National Vulnerability Database".
340 views