🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-32962 ‼

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-32969 ‼

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-3717 ‼

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-3629 ‼

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42614 ‼

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22977 ‼

VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-32965 ‼

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-32964 ‼

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.

📖 Read

via "National Vulnerability Database".
🕴 DeFi Is Getting Pummeled by Cybercriminals 🕴

Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.

📖 Read

via "Dark Reading".
🕴 New Attack Shows Weaponized PDF Files Remain a Threat 🕴

Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.

📖 Read

via "Dark Reading".
🕴 Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021 🕴

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

📖 Read

via "Dark Reading".
‼ CVE-2022-29333 ‼

A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.

📖 Read

via "National Vulnerability Database".
🕴 'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds 🕴

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

📖 Read

via "Dark Reading".
⚠ Poisoned Python and PHP packages purloin passwords for AWS access ⚠

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

📖 Read

via "Naked Security".
‼ CVE-2022-29337 ‼

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22497 ‼

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29334 ‼

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29349 ‼

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29710 ‼

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29358 ‼

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-29362 ‼

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.

📖 Read

via "National Vulnerability Database".