🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-45783 ‼

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.

📖 Read

via "National Vulnerability Database".
❌ F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems ❌

The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.

📖 Read

via "Threat Post".
❌ CANs Reinvent LANs for an All-Local World ❌

A close look at a new type of network, known as a Cloud Area Network.

📖 Read

via "Threat Post".
πŸ—“οΈ Heroku resets user passwords after concluding April cyber-attack ran deep πŸ—“οΈ

Hack investigation blames compromised token for breach

πŸ“– Read

via "The Daily Swig".
🕴 Why Security Matters Even More in Online Gaming 🕴

As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.

📖 Read

via "Dark Reading".
⚠ S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
‼ CVE-2022-28462 ‼

novel-plus 3.6.0 suffers from an arbitrary file reading vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29939 ‼

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29938 ‼

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29339 ‼

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42242 ‼

A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28471 ‼

In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in a heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29940 ‼

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29340 ‼

GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1575 ‼

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28461 ‼

mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.

📖 Read

via "National Vulnerability Database".
🕴 Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks 🕴

Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.

📖 Read

via "Dark Reading".
⚠ World Password Day – the 1960s just called and gave you your passwords back ⚠

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.

📖 Read

via "Naked Security".
🕴 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin 🕴

Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.

📖 Read

via "Dark Reading".
‼ CVE-2022-1464 ‼

Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report and, when the attachment is opened, the XSS is executed. This bug allows execution of arbitrary JavaScript code in the victim's account.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42183 ‼

MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.

📖 Read

via "National Vulnerability Database".