🛡 Cybersecurity & Privacy 🛡 - News – Telegram

🛡 Cybersecurity & Privacy 🛡 - News

25.8K subscribers

89.2K links

🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com

Download Telegram

About

Blog

Apps

Platform

🛡 Cybersecurity & Privacy 🛡 - News

25.8K subscribers

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Microsoft Tops Brands Phishers Prefer 🕴

Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds.

📖 Read

via "Dark Reading".

Microsoft Tops Brands Phishers Prefer

Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds.

232 views21:28

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media 🕴

Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook.

📖 Read

via "Dark Reading".

Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media

Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook.

225 views22:28

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics 🕴

.

📖 Read

via "Dark Reading".

Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics

202 views22:58

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29953 ‼

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.

📖 Read

via "National Vulnerability Database".

173 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1636 ‼

Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

159 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-40180 ‼

In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.

📖 Read

via "National Vulnerability Database".

146 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1637 ‼

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

138 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1499 ‼

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

131 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1492 ‼

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

122 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1633 ‼

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.

📖 Read

via "National Vulnerability Database".

123 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29951 ‼

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

📖 Read

via "National Vulnerability Database".

124 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1494 ‼

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

116 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-27105 ‼

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.

📖 Read

via "National Vulnerability Database".

118 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1501 ‼

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

121 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1485 ‼

Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

114 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1479 ‼

Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

108 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1477 ‼

Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

106 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1496 ‼

Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

📖 Read

via "National Vulnerability Database".

112 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1497 ‼

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

107 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1483 ‼

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

📖 Read

via "National Vulnerability Database".

111 views00:35

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1493 ‼

Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.

📖 Read

via "National Vulnerability Database".

113 views00:35