πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Vanity URLs Could be Spoofed for Social Engineering Attacks πŸ•΄

Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.

πŸ“– Read

via "Dark Reading".
Darkreading
Vanity URLs Could Be Spoofed for Social Engineering Attacks
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.
279 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The Danger of Online Data Brokers πŸ•΄

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

πŸ“– Read

via "Dark Reading".
Darkreading
The Danger of Online Data Brokers
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers πŸ•΄

IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Colonial Pipeline facing $1,000,000 fine for poor recovery plans ⚠

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

πŸ“– Read

via "Naked Security".
Naked Security
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here’s some real-life advice…
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29316 β€Ό

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.

πŸ“– Read

via "National Vulnerability Database".
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29727 β€Ό

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.

πŸ“– Read

via "National Vulnerability Database".
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3254 β€Ό

Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.

πŸ“– Read

via "National Vulnerability Database".
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29728 β€Ό

Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter.

πŸ“– Read

via "National Vulnerability Database".
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29318 β€Ό

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29655 β€Ό

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29656 β€Ό

Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29975 β€Ό

An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .

πŸ“– Read

via "National Vulnerability Database".
209 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19228 β€Ό

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.

πŸ“– Read

via "National Vulnerability Database".
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29976 β€Ό

An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .

πŸ“– Read

via "National Vulnerability Database".
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29317 β€Ό

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.

πŸ“– Read

via "National Vulnerability Database".
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies πŸ•΄

Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.

πŸ“– Read

via "Dark Reading".
Darkreading
SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies
Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ CyberUK 2022: Global power conflicts creating β€˜balkinization’ of cybersecurity tech πŸ—“οΈ

Technology interoperability at risk from wider conflict between China and the West

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CyberUK 2022: Global power conflicts creating β€˜balkinization’ of cybersecurity tech
Technology interoperability at risk from wider conflict between China and the West
232 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44167 β€Ό

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27656 β€Ό

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1622 β€Ό

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28214 β€Ό

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systemsÒ€ℒ Confidentiality, Integrity, and Availability.

πŸ“– Read

via "National Vulnerability Database".
132 views