πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2280 β€Ό

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.

πŸ“– Read

via "National Vulnerability Database".
344 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Latest web hacking tools – Q3 2022 πŸ—“οΈ

We take a look at the latest additions to security researchers’ armory

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Latest web hacking tools – Q3 2022
We take a look at the latest additions to security researchers’ armory
384 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-34894 β€Ό

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services

πŸ“– Read

via "National Vulnerability Database".
306 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2264 β€Ό

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

πŸ“– Read

via "National Vulnerability Database".
315 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Gitlab patches critical RCE bug in latest security release πŸ—“οΈ

Users are urged to update to the latest version

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Gitlab patches critical RCE bug in latest security release
Users are urged to update to the latest version
352 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-33103 β€Ό

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().

πŸ“– Read

via "National Vulnerability Database".
301 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-33099 β€Ό

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

πŸ“– Read

via "National Vulnerability Database".
293 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2282 β€Ό

Improper Authorization in GitHub repository saltstack/salt prior to 3004.2.

πŸ“– Read

via "National Vulnerability Database".
299 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Queue Abstract Data Type Tool πŸ› 

This tool can be embedded into AI systems for storing information and deleting it very efficiently by using queues disguising themselves as arrays and adding data and removing the data using pointers and flags.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Queue Abstract Data Type Tool β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
295 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware πŸ•΄

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

πŸ“– Read

via "Dark Reading".
Dark Reading
DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware
The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.
281 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript] ⚠

Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
Latest episode – listen and read now! Use our advice to advise your own friends and family… let’s all do our bit to stand up to scammers!
280 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2253 β€Ό

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.

πŸ“– Read

via "National Vulnerability Database".
228 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2014-3650 β€Ό

Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.

πŸ“– Read

via "National Vulnerability Database".
234 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2014-3648 β€Ό

The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on.

πŸ“– Read

via "National Vulnerability Database".
251 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ β€œMissing Cryptoqueen” hits the FBI’s Ten Most Wanted list ⚠

The "Missing Cryptoqueen" makes the American Top Ten... but not in a good way.

πŸ“– Read

via "Naked Security".
Naked Security
β€œMissing Cryptoqueen” hits the FBI’s Ten Most Wanted list
The β€œMissing Cryptoqueen” makes the American Top Ten… but not in a good way.
241 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 7/1 πŸ”

The overturning of Roe v. Wade is sparking more privacy concerns, cybercriminals are using deepfakes to gain access to corporate networks, and home routers are being attacked with malware. Read about these stories and more in this week's Friday Five.


πŸ“– Read

via "".
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Criminals Use Deepfake Videos to Interview for Remote Work πŸ•΄

The latest evolution in social engineering could put fraudsters in a position to commit insider threats.

πŸ“– Read

via "Dark Reading".
Dark Reading
Criminals Use Deepfake Videos to Interview for Remote Work
The latest evolution in social engineering could put fraudsters in a position to commit insider threats.
359 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2281 β€Ό

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.

πŸ“– Read

via "National Vulnerability Database".
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2229 β€Ό

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.

πŸ“– Read

via "National Vulnerability Database".
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2270 β€Ό

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.

πŸ“– Read

via "National Vulnerability Database".
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2230 β€Ό

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.

πŸ“– Read

via "National Vulnerability Database".
147 views