πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ GitHub enhances 2FA for npm, improves security and manageability πŸ—“οΈ

New features also include ability to connect social media accounts

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitHub enhances 2FA for NPM, improves security and manageability
New features also include ability to connect social media accounts
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
Latest episode – listen now!
205 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1805 β€Ό

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22644 β€Ό

Ovarro TBox TWinSoft uses the custom hardcoded user Ò€œTWinSoftҀ� with a hardcoded key.

πŸ“– Read

via "National Vulnerability Database".
147 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22650 β€Ό

An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.

πŸ“– Read

via "National Vulnerability Database".
137 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22640 β€Ό

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22646 β€Ό

The Ò€œipkҀ� package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

πŸ“– Read

via "National Vulnerability Database".
132 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1948 β€Ό

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22648 β€Ό

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.

πŸ“– Read

via "National Vulnerability Database".
137 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-2138 β€Ό

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27509 β€Ό

Unauthenticated redirection to a malicious website

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35882 β€Ό

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
147 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2553 β€Ό

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22642 β€Ό

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

πŸ“– Read

via "National Vulnerability Database".
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-2139 β€Ό

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

πŸ“– Read

via "National Vulnerability Database".
178 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ What the White House's Cybersecurity Workforce Plan Should Look Like πŸ•΄

By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.

πŸ“– Read

via "Dark Reading".
Dark Reading
What the White House's Cybersecurity Workforce Plan Should Look Like
By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.
210 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office ❌

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

πŸ“– Read

via "Threat Post".
Threat Post
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.
πŸ€”1
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-6324 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-4452 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-7049 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-4991 β€Ό

Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0.

πŸ“– Read

via "National Vulnerability Database".
129 views