πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you ⚠

Uber is all over the news for a widely-publicised data breach. We help you answer the question, "How do I stop this happening to me?"

πŸ“– Read

via "Naked Security".
Naked Security
UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you
Uber is all over the news for a widely-publicised data breach. We help you answer the question, β€œHow do I stop this happening to me?”
623 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep100.5: Uber breach – an expert speaks [Audio + Text] ⚠

Chester Wisniewski on what we can learn from Uber: "Just because a big company didn't have the security they should doesn't mean you can't."

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep100.5: Uber breach – an expert speaks [Audio + Text]
Chester Wisniewski on what we can learn from Uber: β€œJust because a big company didn’t have the security they should doesn’t mean you can’t.”
629 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3232 β€Ό

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.

πŸ“– Read

via "National Vulnerability Database".
632 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3234 β€Ό

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.

πŸ“– Read

via "National Vulnerability Database".
712 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40768 β€Ό

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

πŸ“– Read

via "National Vulnerability Database".
725 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40766 β€Ό

Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.

πŸ“– Read

via "National Vulnerability Database".
803 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40769 β€Ό

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

πŸ“– Read

via "National Vulnerability Database".
825 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40775 β€Ό

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.

πŸ“– Read

via "National Vulnerability Database".
799 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40774 β€Ό

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
818 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40778 β€Ό

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.

πŸ“– Read

via "National Vulnerability Database".
702 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38617 β€Ό

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘3
621 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ β€˜Security teams often fight against developers taking control’ of AppSec: Tanya Janca on the drive to DevSecOps adoption πŸ—“οΈ

Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, β€˜shifting left’

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
β€˜Security teams often fight against developers taking control’ of AppSec: Tanya Janca on the drive to DevSecOps adoption
Infosec advocate speaks to The Daily Swig about the benefits of, and barriers to, β€˜shifting left’
597 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40811 β€Ό

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

πŸ“– Read

via "National Vulnerability Database".
417 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40074 β€Ό

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.

πŸ“– Read

via "National Vulnerability Database".
379 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2754 β€Ό

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks

πŸ“– Read

via "National Vulnerability Database".
356 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1591 β€Ό

The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

πŸ“– Read

via "National Vulnerability Database".
292 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-2710 β€Ό

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

πŸ“– Read

via "National Vulnerability Database".
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3021 β€Ό

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

πŸ“– Read

via "National Vulnerability Database".
253 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40073 β€Ό

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3141 β€Ό

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

πŸ“– Read

via "National Vulnerability Database".
239 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40069 β€Ό

]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.

πŸ“– Read

via "National Vulnerability Database".
229 views