πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ SoftBank under pressure over links with 'blacklisted' Chinese facial recognition firm πŸ“’

A subsidiary of the Japanese tech giant that conducts business with Mastercard and Visa relies on tech by the sanctioned SenseTime

πŸ“– Read

via "ITPro".
IT PRO
SoftBank under pressure over links with 'blacklisted' Chinese facial recognition firm | IT PRO
A subsidiary of the Japanese tech giant that conducts business with Mastercard and Visa relies on tech by the sanctioned SenseTime
244 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Microsoft identifies sophisticated Hive ransomware variant written in Rust πŸ“’

The move away from Go and an encryption redesign makes the new strain even more of a threat to business targets

πŸ“– Read

via "ITPro".
ITPro
Microsoft identifies sophisticated Hive ransomware variant written in Rust
The move away from Go and an encryption redesign makes the new strain even more of a threat to business targets
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ MI5 and FBI warn businesses over mass Chinese IP theft πŸ“’

The security services urged organisations to consolidate security practices and approach Chinese business relationships with caution

πŸ“– Read

via "ITPro".
IT PRO
MI5 and FBI warn businesses over mass Chinese IP theft | IT PRO
The security services urged organisations to consolidate security practices and approach Chinese business relationships with caution
πŸ‘Ž1
801 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27910 β€Ό

In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function

πŸ“– Read

via "National Vulnerability Database".
379 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2365 β€Ό

stored XSS

πŸ“– Read

via "National Vulnerability Database".
386 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Experian, You Have Some Explaining to Do β™ŸοΈ

Twice in the past month KrebsOnSecurity has heard from readers who've had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim's personal information and a different email address.

πŸ“– Read

via "Krebs on Security".
Krebsonsecurity
Experian, You Have Some Explaining to Do
Twice in the past month KrebsOnSecurity has heard from readers who've had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both cases the readers used password managers to select…
πŸ‘1
344 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31571 β€Ό

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
234 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31562 β€Ό

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31582 β€Ό

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31580 β€Ό

The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31578 β€Ό

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31579 β€Ό

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
167 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35416 β€Ό

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31581 β€Ό

The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35414 β€Ό

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31585 β€Ό

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
154 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31583 β€Ό

The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
155 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31584 β€Ό

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-32294 β€Ό

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port).

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31587 β€Ό

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31586 β€Ό

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

πŸ“– Read

via "National Vulnerability Database".
172 views