πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2123 β€Ό

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.

πŸ“– Read

via "National Vulnerability Database".
115 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1732 β€Ό

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack

πŸ“– Read

via "National Vulnerability Database".
114 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1757 β€Ό

The Pagebar WordPress plugin through 2.65 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues

πŸ“– Read

via "National Vulnerability Database".
116 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1894 β€Ό

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed

πŸ“– Read

via "National Vulnerability Database".
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2092 β€Ό

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

πŸ“– Read

via "National Vulnerability Database".
119 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1220 β€Ό

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1576 β€Ό

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack

πŸ“– Read

via "National Vulnerability Database".
132 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1956 β€Ό

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.

πŸ“– Read

via "National Vulnerability Database".
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1626 β€Ό

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them

πŸ“– Read

via "National Vulnerability Database".
154 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1474 β€Ό

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

πŸ“– Read

via "National Vulnerability Database".
163 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  GNU Privacy Guard 2.2.36 πŸ› 

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.36 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
201 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Falco 0.32.1 πŸ› 

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Falco 0.32.1 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  GNU Privacy Guard 2.3.7 πŸ› 

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.3.7 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
253 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Post-quantum cryptography hits standardization milestone πŸ—“οΈ

Green light for four β€˜future-proofed’ encryption technologies

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Post-quantum cryptography hits standardization milestone
Green light for four β€˜future-proofed’ encryption technologies
πŸ‘2
268 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers πŸ•΄

.

πŸ“– Read

via "Dark Reading".
Dark Reading
Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ PyPI repo to distribute 4,000 security keys to maintainers of β€˜critical projects’ in 2FA drive πŸ—“οΈ

Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
PyPI repo to distribute 4,000 security keys to maintainers of β€˜critical projects’ in 2FA drive
Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads
πŸ‘3
287 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-31138 β€Ό

mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute arbitrary code. Users should update their mailcow instances with the `update.sh` script in the mailcow root directory to 2022-06a or newer to receive a patch for this issue. As a temporary workaround, the Syncjob ACL can be removed from all mailbox users, preventing changes to those settings.

πŸ“– Read

via "National Vulnerability Database".
πŸ€”2πŸ‘1
286 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Online Payment Fraud Expected to Cost $343B Over Next 5 Years πŸ•΄

Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.

πŸ“– Read

via "Dark Reading".
Dark Reading
Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4138 β€Ό

IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.

πŸ“– Read

via "National Vulnerability Database".
280 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4150 β€Ό

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.

πŸ“– Read

via "National Vulnerability Database".
285 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Popular NFT Marketplace Phished for $540M ❌

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

πŸ“– Read

via "Threat Post".
Threat Post
Popular NFT Marketplace Phished for $540M
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.
254 views