🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com

🕴 It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? 🕴

If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.

via "Dark Reading".

⚠ OpenSSL issues a bugfix for the previous bugfix ⚠

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

via "Naked Security".

‼ CVE-2021-40900 ‼

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.

via "National Vulnerability Database".

‼ CVE-2021-40901 ‼

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.

via "National Vulnerability Database".

‼ CVE-2022-2218 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.

via "National Vulnerability Database".

‼ CVE-2022-2216 ‼

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

via "National Vulnerability Database".

‼ CVE-2022-2208 ‼

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.

via "National Vulnerability Database".

‼ CVE-2022-2207 ‼

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

via "National Vulnerability Database".

🕴 Thrive Acquires DSM 🕴

DSM is now the third acquisition by Thrive in Florida in the past six months.

via "Dark Reading".

⚠ FTC warns of LGBTQ+ extortion scams – be aware before you share! ⚠

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

via "Naked Security".

🗓️ Untrusted types: Researcher demos trick to beat Trusted Types protection in Google Chrome 🗓️

Flaws in the protection mechanism leave websites more exposed to DOM XSS-based attacks.

via "The Daily Swig".

‼ CVE-2017-20101 ‼

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

via "National Vulnerability Database".

‼ CVE-2017-20100 ‼

A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".

‼ CVE-2020-21161 ‼

Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0.

via "National Vulnerability Database".

‼ CVE-2017-20102 ‼

A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".

πŸ—“οΈ Researchers crack MEGA’s β€˜privacy by design’ storage, encryption πŸ—“οΈ

ETH Zurich finds flaws in the firm’s cryptographic infrastructure

πŸ“– Read

via "The Daily Swig".
⚠ Harmony blockchain loses nearly $100M due to hacked private keys ⚠

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

πŸ“– Read

via "Naked Security".
‼ CVE-2022-2140 ‼

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.

via "National Vulnerability Database".

‼ CVE-2021-33650 ‼

When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside the bounds of the inputs, which are allocated from heap buffers.

via "National Vulnerability Database".

‼ CVE-2022-2106 ‼

Elcomplus SmartICS v2.3.4.0 does not validate filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.

via "National Vulnerability Database".

‼ CVE-2021-33651 ‼

When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division-by-zero exception.

via "National Vulnerability Database".