🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-46756 ‼

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system takeover by an attacker.

via "National Vulnerability Database".
‼ CVE-2021-3809 ‼

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

via "National Vulnerability Database".
‼ CVE-2022-45098 ‼

Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.

via "National Vulnerability Database".
‼ CVE-2022-45102 ‼

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections.

via "National Vulnerability Database".
‼ CVE-2022-32482 ‼

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

via "National Vulnerability Database".
‼ CVE-2022-46679 ‼

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

via "National Vulnerability Database".
‼ CVE-2022-27538 ‼

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

via "National Vulnerability Database".
📢 US extradites French ShinyHunters hacker, faces 123 years in prison 📢

The hacker is believed to be a member of the hacking group known for its spree of data breaches across 2020 and 2021

via "ITPro".
📢 The IT Pro Podcast: The problem with APIs 📢

With API attacks on the rise, knowing your attack surface is crucial

via "ITPro".
📢 Podcast transcript: The problem with APIs 📢

Read the full transcript for this episode of the IT Pro Podcast

via "ITPro".
🗓️ Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ 🗓️

Printer exploit chain could be weaponized to fully compromise more than 100 models

via "The Daily Swig".
‼ CVE-2023-0610 ‼

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

via "National Vulnerability Database".
‼ CVE-2023-0609 ‼

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

via "National Vulnerability Database".
🕴 Google Fi Users Caught Up in T-Mobile Breach 🕴

Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.

via "Dark Reading".
‼ CVE-2022-47717 ‼

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

via "National Vulnerability Database".
‼ CVE-2023-23127 ‼

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers, therefore not enforcing HTTPS.

via "National Vulnerability Database".
‼ CVE-2022-47002 ‼

A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.

via "National Vulnerability Database".
‼ CVE-2023-22575 ‼

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

via "National Vulnerability Database".
‼ CVE-2022-47714 ‼

Last Yard 22.09.8-1 does not enforce HSTS headers.

via "National Vulnerability Database".
‼ CVE-2023-22573 ‼

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.

via "National Vulnerability Database".
‼ CVE-2022-47715 ‼

In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.

via "National Vulnerability Database".