πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-32482 β€Ό

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-46679 β€Ό

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

πŸ“– Read

via "National Vulnerability Database".
220 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-27538 β€Ό

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ US extradites French ShinyHunters hacker, faces 123 years in prison πŸ“’

The hacker is believed to be a member of the hacking group known for its spree of data breaches across 2020 and 2021

πŸ“– Read

via "ITPro".
ITPro
US extradites French ShinyHunters hacker, faces 123 years in prison
The hacker is believed to be a member of the hacking group known for its spree of data breaches across 2020 and 2021
241 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ The IT Pro Podcast: The problem with APIs πŸ“’

With API attacks on the rise, knowing your attack surface is crucial

πŸ“– Read

via "ITPro".
ITPro
The IT Pro Podcast: The problem with APIs
With API attacks on the rise, knowing your attack surface is crucial
279 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Podcast transcript: The problem with APIs πŸ“’

Read the full transcript for this episode of the IT Pro Podcast

πŸ“– Read

via "ITPro".
ITPro
Podcast transcript: The problem with APIs
Read the full transcript for this episode of the IT Pro Podcast
306 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Researcher drops Lexmark RCE zero-day rather than sell vuln β€˜for peanuts’ πŸ—“οΈ

Printer exploit chain could be weaponized to fully compromise more than 100 models

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researcher drops Lexmark RCE zero-day rather than sell vuln β€˜for peanuts’
Printer exploit chain could be weaponized to fully compromise more than 100 models
333 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0610 β€Ό

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

πŸ“– Read

via "National Vulnerability Database".
327 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0609 β€Ό

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

πŸ“– Read

via "National Vulnerability Database".
336 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Google Fi Users Caught Up in T-Mobile Breach πŸ•΄

Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.

πŸ“– Read

via "Dark Reading".
Dark Reading
Google Fi Users Caught Up in T-Mobile Breach
Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47717 β€Ό

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

πŸ“– Read

via "National Vulnerability Database".
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23127 β€Ό

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47002 β€Ό

A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.

πŸ“– Read

via "National Vulnerability Database".
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-22575 β€Ό

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

πŸ“– Read

via "National Vulnerability Database".
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47714 β€Ό

Last Yard 22.09.8-1 does not enforce HSTS headers

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-22573 β€Ό

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47715 β€Ό

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23131 β€Ό

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

πŸ“– Read

via "National Vulnerability Database".
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23132 β€Ό

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.

πŸ“– Read

via "National Vulnerability Database".
155 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0613 β€Ό

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation of the argument device_web_ip leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-22574 β€Ό

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

πŸ“– Read

via "National Vulnerability Database".
147 views