πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30991 β€Ό

HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1774 β€Ό

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30992 β€Ό

Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30994 β€Ό

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

πŸ“– Read

via "National Vulnerability Database".
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30990 β€Ό

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037

πŸ“– Read

via "National Vulnerability Database".
321 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30033 β€Ό

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module.

πŸ“– Read

via "National Vulnerability Database".
394 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1771 β€Ό

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
411 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-30993 β€Ό

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

πŸ“– Read

via "National Vulnerability Database".
443 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1670 β€Ό

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.

πŸ“– Read

via "National Vulnerability Database".
404 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1183 β€Ό

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

πŸ“– Read

via "National Vulnerability Database".
400 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw πŸ—“οΈ

Mischief-makers could β€˜disrupt the availability, integrity and confidentiality’ of other tenants

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw
Mischief-makers could β€˜disrupt the availability, integrity and confidentiality’ of other tenants
339 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover ❌

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

πŸ“– Read

via "Threat Post".
Threat Post
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
317 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Phishing Attacks for Initial Access Surged 54% in Q1 πŸ•΄

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

πŸ“– Read

via "Dark Reading".
Dark Reading
Phishing Attacks for Initial Access Surged 54% in Q1
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
283 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Pwn2Own hacking schedule released – Windows and Linux are top targets ⚠

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

πŸ“– Read

via "Naked Security".
Naked Security
Pwn2Own hacking schedule released – Windows and Linux are top targets
What’s better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
262 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
Latest episode – listen now!
246 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 6 Scary Tactics Used in Mobile App Attacks πŸ•΄

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

πŸ“– Read

via "Dark Reading".
259 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Encrypted email service CTemplar announces closure πŸ—“οΈ

Privacy-focused service to shut down by the end of the month

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Encrypted email service CTemplar announces closure
Privacy-focused service to shut down by the end of the month
270 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1785 β€Ό

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
279 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Active attacks against VMware flaws prompts emergency update directive πŸ—“οΈ

CISA orders US federal agencies to implement patches ASAP

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Active attacks against VMware flaws prompts emergency update directive
CISA orders US federal agencies to implement patches ASAP
274 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-41938 β€Ό

An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations.

πŸ“– Read

via "National Vulnerability Database".
254 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22976 β€Ό

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

πŸ“– Read

via "National Vulnerability Database".
235 views