🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-1816 ‼

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

via "National Vulnerability Database".
‼ CVE-2022-1810 ‼

Improper Access Control in GitHub repository publify/publify prior to 9.2.9.

via "National Vulnerability Database".
🕴 Valeo Networks Acquires Next I.T. 🕴

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

via "Dark Reading".
🕴 Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection 🕴

IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.

via "Dark Reading".
πŸ—“οΈ Chicago Public Schools data breach blamed on ransomware attack on supplier πŸ—“οΈ

Cybercrooks compromised server containing student course information and assessment data

πŸ“– Read

via "The Daily Swig".
‼ CVE-2022-28997 ‼

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

via "National Vulnerability Database".
‼ CVE-2022-0900 ‼

A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session information.

via "National Vulnerability Database".
‼ CVE-2022-28998 ‼

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.

via "National Vulnerability Database".
πŸ—“οΈ Pwn2Own Vancouver: 15th annual hacking event pays out $1.2m for high-impact security bugs πŸ—“οΈ

Tesla, Microsoft, and others targeted in hacking competition that saw Star Labs crowned β€˜Masters of Pwn’

πŸ“– Read

via "The Daily Swig".
🕴 Why the Employee Experience Is Cyber Resilience 🕴

A culture of trust, combined with tools designed around EX, can work in tandem to help organizations become more resilient and secure.

via "Dark Reading".
‼ CVE-2022-29004 ‼

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

via "National Vulnerability Database".
‼ CVE-2022-29005 ‼

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.

via "National Vulnerability Database".
‼ CVE-2021-41714 ‼

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments; a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage.

via "National Vulnerability Database".
‼ CVE-2022-1811 ‼

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

via "National Vulnerability Database".
‼ CVE-2022-30017 ‼

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.

via "National Vulnerability Database".
‼ CVE-2022-30014 ‼

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF), which allows anyone to take over an admin/moderator account.

via "National Vulnerability Database".
‼ CVE-2022-30016 ‼

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.

via "National Vulnerability Database".
‼ CVE-2022-28932 ‼

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.

via "National Vulnerability Database".
🕴 Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT 🕴

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructure.

via "Dark Reading".
πŸ” HHS Warns Healthcare Industry of Russian Threat Groups πŸ”

A new alert, via the HHS Cybersecurity Program, is reminding healthcare organizations about four Russian threat groups.

πŸ“– Read

via "".
‼ CVE-2022-31466 ‼

Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check.

via "National Vulnerability Database".