🛡 Cybersecurity & Privacy 🛡 - News

🗞 The finest daily news on cybersecurity and privacy.
🕴 DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions 🕴

Although consistently reliant on good old phishing to deliver Royal ransomware, researchers say DEV-0569 regularly uses new and creative discovery techniques to lure in new victims.

via "Dark Reading".
‼ CVE-2022-41652 ‼

Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-40686 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-44820 ‼

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=.

via "National Vulnerability Database".
‼ CVE-2022-44415 ‼

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=.

via "National Vulnerability Database".
‼ CVE-2022-38974 ‼

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.

via "National Vulnerability Database".
‼ CVE-2022-41805 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-38075 ‼

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-41840 ‼

Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-40687 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-41692 ‼

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-43673 ‼

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.

via "National Vulnerability Database".
‼ CVE-2022-43463 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-44414 ‼

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=.

via "National Vulnerability Database".
‼ CVE-2022-42461 ‼

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-41781 ‼

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-44413 ‼

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=.

via "National Vulnerability Database".
‼ CVE-2022-43482 ‼

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-41894 ‼

TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

via "National Vulnerability Database".
‼ CVE-2022-41888 ‼

TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

via "National Vulnerability Database".