πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3147 β€Ό

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.

πŸ“– Read

via "National Vulnerability Database".
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35725 β€Ό

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
❀1
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep99: TikTok β€œattack” – was there a data breach, or not? [Audio + Text] ⚠

Latest episode - listen now! (Or read if you prefer - full transcript inside.)

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep99: TikTok β€œattack” – was there a data breach, or not? [Audio + Text]
Latest episode – listen now! (Or read if you prefer – full transcript inside.)
262 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ How to deal with dates and times without any timezone tantrums… ⚠

Heartfelt encouragement to embrace RFC 3339 - find out why!

πŸ“– Read

via "Naked Security".
Naked Security
How to deal with dates and times without any timezone tantrums…
Heartfelt encouragement to embrace RFC 3339 – find out why!
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ UK, US condemn Iran for β€˜unprecedented’ cyber attack against Albania πŸ“’

The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information

πŸ“– Read

via "ITPro".
IT PRO
UK, US condemn Iran for β€˜unprecedented’ cyber attack against Albania | IT PRO
The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
885 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ DrayTek Vigor 2866ax review: Faster than you might expect πŸ“’

A versatile and very affordable SMB security router with Wi-Fi 6 and top-notch WAN redundancy

πŸ“– Read

via "ITPro".
IT PRO
DrayTek Vigor 2866ax review: Faster than you might expect | IT PRO
A versatile and very affordable SMB security router with Wi-Fi 6 and top-notch WAN redundancy
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Thoma Bravo pulls plug on Darktrace takeover πŸ“’

Shares in the UK cyber firm slumped 30%, as investors had pinned hopes on takeover deal

πŸ“– Read

via "ITPro".
IT PRO
Thoma Bravo pulls plug on Darktrace takeover | IT PRO
Shares in the UK cyber firm slumped 30%, as investors had pinned hopes on takeover deal
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ HP patches high-severity security flaw in its own support tool πŸ“’

The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability

πŸ“– Read

via "ITPro".
IT PRO
HP patches high-severity security flaw in its own support tool | IT PRO
The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28742 β€Ό

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application

πŸ“– Read

via "National Vulnerability Database".
178 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28741 β€Ό

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36617 β€Ό

Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38614 β€Ό

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.

πŸ“– Read

via "National Vulnerability Database".
167 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38613 β€Ό

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40317 β€Ό

OpenKM 6.3.11 allows stored XSS related to the javascript&colon; substring in an A element.

πŸ“– Read

via "National Vulnerability Database".
163 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28740 β€Ό

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38615 β€Ό

SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-39810 β€Ό

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible.

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-34165 β€Ό

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-39809 β€Ό

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible.

πŸ“– Read

via "National Vulnerability Database".
256 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Business Security Starts With Identity πŸ•΄

How identity-centric security can support business objectives.

πŸ“– Read

via "Dark Reading".
Dark Reading
Business Security Starts With Identity
How identity-centric security can support business objectives.
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38639 β€Ό

A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.

πŸ“– Read

via "National Vulnerability Database".
231 views