🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-29362 ‼

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.

via "National Vulnerability Database".
‼ CVE-2022-29361 ‼

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.

via "National Vulnerability Database".
‼ CVE-2022-29359 ‼

A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.

via "National Vulnerability Database".
πŸ—“οΈ Malicious Python library CTX removed from PyPI repo πŸ—“οΈ

A suspicious developer appears to have performed a domain hijack to take over the original project

πŸ“– Read

via "The Daily Swig".
🕴 DBIR Makes a Case for Passwordless 🕴

Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.

via "Dark Reading".
πŸ‘1
❌ Zoom Patches ‘Zero-Click’ RCE Bug ❌

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

via "Threat Post".
❌ Verizon Report: Ransomware, Human Error Among Top Security Risks ❌

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

via "Threat Post".
πŸ—“οΈ Tails users warned not to launch bundled Tor Browser until security fix is released πŸ—“οΈ

Critical vulnerability has been fixed upstream, but Tails dev team β€˜doesn’t have the capacity to publish an emergency release earlier’

πŸ“– Read

via "The Daily Swig".
❌ Link Found Connecting Chaos, Onyx and Yashma Ransomware ❌

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

via "Threat Post".
🕴 DDoS Extortion Attack Flagged as Possible REvil Resurgence 🕴

A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.

via "Dark Reading".
🕴 Industry 4.0 Points Up Need for Improved Security for Manufacturers 🕴

With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.

via "Dark Reading".
‼ CVE-2022-30595 ‼

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

via "National Vulnerability Database".
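The Pillow advisory above names the bug class (a heap overflow while decoding RLE-compressed TGA data) but not the mechanism. As an added illustration written for this page, not Pillow's decoder and not a description of how CVE-2022-30595 itself is triggered, the block below implements a TGA RLE packet decoder twice: an unchecked variant that trusts the run counts stored in the file, and a bounds-checked variant that rejects any packet which would write past the destination or read past the input. The packet layout follows the TGA specification; the function names (`tga_rle_decode`, `tga_decode_sample`) and the sample byte streams are constructed for the example.

```c
/* Added illustration of the bug class named in the Pillow advisory: an
 * RLE run whose pixel count exceeds the space left in the destination.
 * Example code for this page, not Pillow's code.
 * TGA RLE packet layout (per the TGA spec): header byte; bit 7 set = run
 * packet, clear = raw packet; low 7 bits = count-1 (so count is 1..128).
 * Run packet: one 'bpp'-byte pixel follows, repeated 'count' times.
 * Raw packet: 'count' pixels follow verbatim. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { TGA_OK = 0, TGA_ERR_TRUNCATED = 1, TGA_ERR_OVERRUN = 2 };

/* Unchecked shape of the defect: the bound is tested only between packets,
 * so one packet whose count exceeds the remaining pixels writes past 'out'.
 * Shown for contrast; called here only on well-formed input. */
static void tga_rle_decode_unchecked(const uint8_t *in, size_t in_len,
                                     uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    while (op < out_len && ip < in_len) {
        uint8_t hdr = in[ip++];
        size_t count = (size_t)(hdr & 0x7f) + 1;
        if (hdr & 0x80) {
            for (size_t i = 0; i < count; i++, op += bpp)
                memcpy(out + op, in + ip, bpp);     /* op can pass out_len */
            ip += bpp;
        } else {
            memcpy(out + op, in + ip, count * bpp); /* same problem */
            ip += count * bpp;
            op += count * bpp;
        }
    }
}

/* Bounds-checked decoder: every packet is validated against the space left
 * in 'out' and the bytes left in 'in' before anything is written. */
int tga_rle_decode(const uint8_t *in, size_t in_len,
                   uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    if (bpp == 0 || bpp > 4 || out_len % bpp != 0)
        return TGA_ERR_OVERRUN;
    while (op < out_len) {
        if (ip >= in_len)
            return TGA_ERR_TRUNCATED;
        uint8_t hdr = in[ip++];
        size_t count = (size_t)(hdr & 0x7f) + 1;
        size_t need_out = count * bpp;              /* at most 512, no wrap */
        if (need_out > out_len - op)
            return TGA_ERR_OVERRUN;                 /* the missing check */
        if (hdr & 0x80) {
            if (in_len - ip < bpp)
                return TGA_ERR_TRUNCATED;
            for (size_t i = 0; i < count; i++, op += bpp)
                memcpy(out + op, in + ip, bpp);
            ip += bpp;
        } else {
            if (in_len - ip < need_out)
                return TGA_ERR_TRUNCATED;
            memcpy(out + op, in + ip, need_out);
            ip += need_out;
            op += need_out;
        }
    }
    return TGA_OK;
}

/* Constructed sample streams for a 4-pixel, 8-bit image (not from any real file). */
static const uint8_t SAMPLE_RUN[]     = { 0x83, 0xAA };                   /* run of 4 */
static const uint8_t SAMPLE_MIXED[]   = { 0x01, 0x10, 0x20, 0x81, 0x30 }; /* raw 2 + run 2 */
static const uint8_t SAMPLE_OVERRUN[] = { 0x87, 0xAA };                   /* run of 8 into 4 */
static const uint8_t SAMPLE_TRUNC[]   = { 0x03, 0x01, 0x02 };             /* raw 4, only 2 given */

/* Decode sample 0..3 into a 4-byte pixel buffer with the checked decoder. */
int tga_decode_sample(int which, uint8_t out[4])
{
    memset(out, 0, 4);
    switch (which) {
    case 0:  return tga_rle_decode(SAMPLE_RUN, sizeof SAMPLE_RUN, out, 4, 1);
    case 1:  return tga_rle_decode(SAMPLE_MIXED, sizeof SAMPLE_MIXED, out, 4, 1);
    case 2:  return tga_rle_decode(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, out, 4, 1);
    default: return tga_rle_decode(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, out, 4, 1);
    }
}

int main(void)
{
    static const char *names[] = { "run", "mixed", "overrun", "truncated" };
    uint8_t px[4];
    for (int i = 0; i < 4; i++) {
        int rc = tga_decode_sample(i, px);
        printf("%-9s status=%d pixels=%02x %02x %02x %02x\n",
               names[i], rc, px[0], px[1], px[2], px[3]);
    }
    tga_rle_decode_unchecked(SAMPLE_RUN, sizeof SAMPLE_RUN, px, 4, 1); /* well-formed only */
    return 0;
}
```

The point of the contrast is where the check sits: the unchecked loop only tests the output bound between packets, which is exactly the gap a crafted run count exploits. The checked decoder computes the packet's full write size up front and refuses it before touching memory, and it also bounds the input read so a truncated file fails cleanly instead of over-reading.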
‼ CVE-2022-29651 ‼

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

via "National Vulnerability Database".
‼ CVE-2022-30321 ‼

HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).

via "National Vulnerability Database".
‼ CVE-2022-29650 ‼

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.

via "National Vulnerability Database".
‼ CVE-2022-29379 ‼

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c.

via "National Vulnerability Database".
‼ CVE-2022-30323 ‼

HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).

via "National Vulnerability Database".
‼ CVE-2022-1851 ‼

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

via "National Vulnerability Database".
‼ CVE-2022-30322 ‼

HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).

via "National Vulnerability Database".
‼ CVE-2021-44974 ‼

radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.

via "National Vulnerability Database".
‼ CVE-2022-28862 ‼

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.

via "National Vulnerability Database".