๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44194 โ€ผ

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

๐Ÿ“– Read

via "National Vulnerability Database".
276 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44197 โ€ผ

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

๐Ÿ“– Read

via "National Vulnerability Database".
283 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-3910 โ€ผ

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

๐Ÿ“– Read

via "National Vulnerability Database".
322 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44196 โ€ผ

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.

๐Ÿ“– Read

via "National Vulnerability Database".
336 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44200 โ€ผ

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

๐Ÿ“– Read

via "National Vulnerability Database".
350 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด How Tech Companies Can Slow Down Spike in Breaches ๐Ÿ•ด

Cybercrime continues to evolve โ€” and shows no signs of slowing down.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
How Tech Companies Can Slow Down Spike in Breaches
Cybercrime continues to evolve โ€” and shows no signs of slowing down.
413 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ—“๏ธ Mastodon vulnerable to multiple system configuration problems ๐Ÿ—“๏ธ

The whole toot

๐Ÿ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mastodon vulnerable to multiple system configuration problems
The whole toot
427 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks ๐Ÿ•ด

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail โ€” up 10% in just the last two weeks.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks
Google Workspace's team is seeing a spike in phishing and spam hitting Gmail โ€” up 10% in just the last two weeks.
408 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps ๐Ÿ•ด

Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce โ€” and they're paying a very real security price.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps
Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce โ€” and they're paying a very real security price.
394 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  How social media scammers buy time to steal your 2FA codes โš 

The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
๐Ÿ‘1
352 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44202 โ€ผ

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.

๐Ÿ“– Read

via "National Vulnerability Database".
314 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-41952 โ€ผ

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.

๐Ÿ“– Read

via "National Vulnerability Database".
302 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44807 โ€ผ

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.

๐Ÿ“– Read

via "National Vulnerability Database".
270 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44737 โ€ผ

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) รขโ‚ฌโ€œ Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.

๐Ÿ“– Read

via "National Vulnerability Database".
278 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44804 โ€ผ

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.

๐Ÿ“– Read

via "National Vulnerability Database".
284 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44801 โ€ผ

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.

๐Ÿ“– Read

via "National Vulnerability Database".
289 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44806 โ€ผ

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.

๐Ÿ“– Read

via "National Vulnerability Database".
309 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44201 โ€ผ

D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.

๐Ÿ“– Read

via "National Vulnerability Database".
335 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44808 โ€ผ

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
359 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44184 โ€ผ

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

๐Ÿ“– Read

via "National Vulnerability Database".
384 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  How to hack an unpatched Exchange server with rogue PowerShell code โš 

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
407 views