🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-2175 ‼

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

📖 Read

via "National Vulnerability Database".
317 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS 🕴

Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.

📖 Read

via "Dark Reading".
Dark Reading
Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
357 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Reinventing How Farming Equipment Is Remotely Controlled and Tracked 🕴

Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.

📖 Read

via "Dark Reading".
Dark Reading
Reinventing How Farming Equipment Is Remotely Controlled and Tracked
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
309 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign 🕴

Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.

📖 Read

via "Dark Reading".
Dark Reading
Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
305 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 The Rise, Fall, and Rebirth of the Presumption of Compromise 🕴

The concept might make us sharp and realistic, but it's not enough on its own.

📖 Read

via "Dark Reading".
Dark Reading
The Rise, Fall, and Rebirth of the Presumption of Compromise
The concept might make us sharp and realistic, but it's not enough on its own.
268 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Pair of Brand-New Cybersecurity Bills Become Law 🕴

Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.

📖 Read

via "Dark Reading".
Dark Reading
Pair of Brand-New Cybersecurity Bills Become Law
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
251 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities 🕴

ShiftLeft's Manesh Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."

📖 Read

via "Dark Reading".
Darkreading
ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
ShiftLeft's Manish Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
223 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34176 ‼

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

📖 Read

via "National Vulnerability Database".
234 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-41432 ‼

A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32125 ‼

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.

📖 Read

via "National Vulnerability Database".
162 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33097 ‼

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.

📖 Read

via "National Vulnerability Database".
146 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33114 ‼

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.

📖 Read

via "National Vulnerability Database".
137 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-26637 ‼

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34201 ‼

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

📖 Read

via "National Vulnerability Database".
132 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-33094 ‼

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.

📖 Read

via "National Vulnerability Database".
127 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34199 ‼

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

📖 Read

via "National Vulnerability Database".
122 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34189 ‼

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
120 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-32124 ‼

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.

📖 Read

via "National Vulnerability Database".
115 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-29055 ‼

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.

📖 Read

via "National Vulnerability Database".
110 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-26636 ‼

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.

📖 Read

via "National Vulnerability Database".
104 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-34186 ‼

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

📖 Read

via "National Vulnerability Database".
106 views