πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31830 β€Ό

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.

πŸ“– Read

via "National Vulnerability Database".
137 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23138 β€Ό

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31393 β€Ό

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

πŸ“– Read

via "National Vulnerability Database".
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40961 β€Ό

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-32272 β€Ό

OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31827 β€Ό

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2035 β€Ό

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31386 β€Ό

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ How AI Is Useful β€” and Not Useful β€” for Cybersecurity πŸ•΄

AI works best when security professionals and AI are complementing each other.

πŸ“– Read

via "Dark Reading".
Dark Reading
How AI Is Useful β€” and Not Useful β€” for Cybersecurity
AI works best when security professionals and AI are complementing each other.
189 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Want Better Security? Up Your Collaboration Game πŸ•΄

BAE Systems' Peder Jungck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the importance of collaboration.

πŸ“– Read

via "Dark Reading".
Darkreading
Want Better Security? Up Your Collaboration Game
BAE Systems' Peder Jungck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the importance of collaboration.
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Sophos: Keeping Tabs on the Bad Guys Using Threat Research πŸ•΄

Sophos' John Shier joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the ransomware problem.

πŸ“– Read

via "Dark Reading".
Darkreading
Sophos: Keeping Tabs on the Bad Guys Using Threat Research
Sophos' John Shier joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the ransomware problem.
184 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio πŸ•΄

The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio
The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.
πŸ‘1
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Key RSA Takeaways From a Newly Minted Digital Guardian πŸ”

HelpSystems' new Director of Product Management, Data Protection, Wade Barisoff, gives his first impressions of RSA Conference 2022.

πŸ“– Read

via "".
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Feds Forced Travel Firms to Share Surveillance Data on Hacker ❌

Sabre and Travelport had to report the weekly activities of former β€œCardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

πŸ“– Read

via "Threat Post".
Threat Post
Feds Forced Travel Firms to Share Surveillance Data on Hacker
Sabre and Travelport had to report the weekly activities of former β€œCardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.
191 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cisco Makes Resilience a Cornerstone of Security Strategy πŸ•΄

Cisco's Jeetu Patel joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the power of information sharing.

πŸ“– Read

via "Dark Reading".
Darkreading
Cisco Makes Resilience a Cornerstone of Security Strategy
Cisco's Jeetu Patel joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the power of information sharing.
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2027 β€Ό

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-25066 β€Ό

A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2029 β€Ό

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

πŸ“– Read

via "National Vulnerability Database".
136 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2014 β€Ό

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.

πŸ“– Read

via "National Vulnerability Database".
133 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2015 β€Ό

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

πŸ“– Read

via "National Vulnerability Database".
128 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24969 β€Ό

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

πŸ“– Read

via "National Vulnerability Database".
130 views