πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36707 β€Ό

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/bookdetails.php.

πŸ“– Read

via "National Vulnerability Database".
424 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36706 β€Ό

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.

πŸ“– Read

via "National Vulnerability Database".
377 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36704 β€Ό

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.

πŸ“– Read

via "National Vulnerability Database".
356 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft 365 Empowers Business Users to Shoot Themselves in the Foot πŸ•΄

Citizen development allows users to design creative solutions for immediate problems, but it requires training and oversight to avoid security holes.

πŸ“– Read

via "Dark Reading".
Dark Reading
Edge Articles
πŸ‘1
330 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38511 β€Ό

TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36573 β€Ό

A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.

πŸ“– Read

via "National Vulnerability Database".
255 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36615 β€Ό

TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36613 β€Ό

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
221 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36610 β€Ό

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38510 β€Ό

Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.

πŸ“– Read

via "National Vulnerability Database".
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36614 β€Ό

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36611 β€Ό

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-34668 β€Ό

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

πŸ“– Read

via "National Vulnerability Database".
287 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36616 β€Ό

TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
373 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36612 β€Ό

TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

πŸ“– Read

via "National Vulnerability Database".
386 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36572 β€Ό

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.

πŸ“– Read

via "National Vulnerability Database".
442 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The 3 Questions CISOs Must Ask to Protect Their Sensitive Data πŸ•΄

CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity.

πŸ“– Read

via "Dark Reading".
Dark Reading
The 3 Questions CISOs Must Ask to Protect Their Sensitive Data
CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity.
401 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-37059 β€Ό

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field

πŸ“– Read

via "National Vulnerability Database".
396 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Tentacles of β€˜0ktapus’ Threat Group Victimize 130 Firms ❌

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

πŸ“– Read

via "Threat Post".
Threat Post
Tentacles of β€˜0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
352 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor πŸ•΄

Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.

πŸ“– Read

via "Dark Reading".
Dark Reading
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.
300 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cyber-Insurance Firms Limit Payouts, Risk Obsolescence πŸ•΄

Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cyber-Insurance Firms Limit Payouts, Risk Obsolescence
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.
272 views