πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28110 β€Ό

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

πŸ“– Read

via "National Vulnerability Database".
290 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29591 β€Ό

Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43094 β€Ό

An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.

πŸ“– Read

via "National Vulnerability Database".
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ RubyGems supply chain rip-and-replace bug fixed – check your logs! ⚠

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

πŸ“– Read

via "Naked Security".
Naked Security
RubyGems supply chain rip-and-replace bug fixed – check your logs!
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself β€œFrank”.
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ UK government blocked four times as many cyber-scams in 2021 than previous year, CyberUK delegates told πŸ—“οΈ

War in Ukraine and ransomware trends top the agenda at this year’s NCSC-led conference

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK government blocked four times as many cyber-scams in 2021 than previous year, CyberUK delegates told
War in Ukraine and ransomware trends top the agenda at this year’s NCSC conference
238 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Onapsis Announces New Offering to Jumpstart Security for SAP Customers πŸ•΄

Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .

πŸ“– Read

via "Dark Reading".
Darkreading
Onapsis Announces New Offering to Jumpstart Security for SAP Customers
Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 5-Buck DCRat Malware Foretells a Worrying Cyber Future πŸ•΄

The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.

πŸ“– Read

via "Dark Reading".
Darkreading
5-Buck DCRat Malware Foretells a Worrying Cyber Future
The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.
238 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting πŸ•΄

New research-focused division focused on advancing innovation in the field of security operations.

πŸ“– Read

via "Dark Reading".
Darkreading
Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting
New research-focused division focused on advancing innovation in the field of security operations.
224 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler πŸ•΄

Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.

πŸ“– Read

via "Dark Reading".
Darkreading
Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler
Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.
194 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26987 β€Ό

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

πŸ“– Read

via "National Vulnerability Database".
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28909 β€Ό

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.

πŸ“– Read

via "National Vulnerability Database".
170 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28907 β€Ό

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28901 β€Ό

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29325 β€Ό

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28912 β€Ό

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.

πŸ“– Read

via "National Vulnerability Database".
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28913 β€Ό

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

πŸ“– Read

via "National Vulnerability Database".
132 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29329 β€Ό

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29322 β€Ό

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28910 β€Ό

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1397 β€Ό

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

πŸ“– Read

via "National Vulnerability Database".
136 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29326 β€Ό

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.

πŸ“– Read

via "National Vulnerability Database".
137 views