๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44807 โ€ผ

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.

๐Ÿ“– Read

via "National Vulnerability Database".
270 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44737 โ€ผ

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) รขโ‚ฌโ€œ Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.

๐Ÿ“– Read

via "National Vulnerability Database".
278 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44804 โ€ผ

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.

๐Ÿ“– Read

via "National Vulnerability Database".
284 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44801 โ€ผ

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.

๐Ÿ“– Read

via "National Vulnerability Database".
289 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44806 โ€ผ

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.

๐Ÿ“– Read

via "National Vulnerability Database".
309 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44201 โ€ผ

D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.

๐Ÿ“– Read

via "National Vulnerability Database".
335 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44808 โ€ผ

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
359 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-44184 โ€ผ

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

๐Ÿ“– Read

via "National Vulnerability Database".
384 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  How to hack an unpatched Exchange server with rogue PowerShell code โš 

Review your servers, your patches and your authentication policies - there's a proof-of-concept out

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
407 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations ๐Ÿ•ด

To get the full picture, companies need to look into the cybersecurity history and practices of the business they're acquiring.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations
To get the full picture, companies need to look into the cybersecurity history and practices of the business they're acquiring.
393 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด How Work From Home Shaped the Road to SASE for Enterprises ๐Ÿ•ด

As SASE adoption grows, with its allure of simplified protection via one network and security experience for hybrid workers, remember: Have an overall plan, integrate and migrate to scale usage, and start small.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
How Work From Home Shaped the Road to SASE for Enterprises
As SASE adoption grows, with its allure of simplified protection via one network and security experience for hybrid workers, remember: Have an overall plan, integrate and migrate to scale usage, and start small.
407 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-39067 โ€ผ

There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.

๐Ÿ“– Read

via "National Vulnerability Database".
349 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-41950 โ€ผ

super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta.

๐Ÿ“– Read

via "National Vulnerability Database".
371 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-39070 โ€ผ

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

๐Ÿ“– Read

via "National Vulnerability Database".
376 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-43212 โ€ผ

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.

๐Ÿ“– Read

via "National Vulnerability Database".
356 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-39066 โ€ผ

There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.

๐Ÿ“– Read

via "National Vulnerability Database".
388 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma ๐Ÿ•ด

Cybercrooks have drained DraftKings accounts of $300K in the past few days thanks to credential stuffing, just as the 2022 FIFA World Cup starts up.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma
Cybercrooks have drained DraftKings accounts of $300K in the past few days thanks to credential stuffing, just as the 2022 FIFA World Cup starts up.
413 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-41919 โ€ผ

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Typeรƒยขรขโ€šยฌรขโ€žยขs essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts `application/json` content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack. This issue has been patched in version 4.10.2 and 3.29.4. As a workaround, implement Cross-Site Request Forgery protection using `@fastify/csrf'.

๐Ÿ“– Read

via "National Vulnerability Database".
376 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-40228 โ€ผ

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.

๐Ÿ“– Read

via "National Vulnerability Database".
349 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-4116 โ€ผ

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.

๐Ÿ“– Read

via "National Vulnerability Database".
311 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-2791 โ€ผ

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.

๐Ÿ“– Read

via "National Vulnerability Database".
301 views