🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-28601 ‼

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, thereby allowing them to bypass the phone verification mechanism.

via "National Vulnerability Database".
‼ CVE-2022-29110 ‼

Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109.

via "National Vulnerability Database".
‼ CVE-2022-29117 ‼

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.

via "National Vulnerability Database".
‼ CVE-2022-29395 ‼

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4.

via "National Vulnerability Database".
‼ CVE-2022-29142 ‼

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29133.

via "National Vulnerability Database".
‼ CVE-2022-30130 ‼

.NET Framework Denial of Service Vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-29394 ‼

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.

via "National Vulnerability Database".
‼ CVE-2022-26932 ‼

Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26938, CVE-2022-26939.

via "National Vulnerability Database".
‼ CVE-2022-29399 ‼

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.

via "National Vulnerability Database".
‼ CVE-2022-29393 ‼

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.

via "National Vulnerability Database".
‼ CVE-2022-26938 ‼

Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26932, CVE-2022-26939.

via "National Vulnerability Database".
‼ CVE-2022-29396 ‼

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.

via "National Vulnerability Database".
‼ CVE-2022-29134 ‼

Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29122, CVE-2022-29123.

via "National Vulnerability Database".
‼ CVE-2022-29114 ‼

Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29140.

via "National Vulnerability Database".
‼ CVE-2022-26935 ‼

Windows WLAN AutoConfig Service Information Disclosure Vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-23267 ‼

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.

via "National Vulnerability Database".
🕴 What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers 🕴

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

via "Dark Reading".
♟️ Microsoft Patch Tuesday, May 2022 Edition ♟️

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

via "Krebs on Security".
🕴 Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails 🕴

Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.

via "Dark Reading".
‼ CVE-2022-26116 ‼

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters.

via "National Vulnerability Database".
🗓️ NIST refreshes software supply chain risk management guidance 🗓️

‘A comprehensive tool that can take you from crawl to walk to run’

via "The Daily Swig".