πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0651 β€Ό

A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep120: When dud crypto simply won’t let go [Audio + Text] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
Latest episode – listen now!
306 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23120 β€Ό

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
290 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23119 β€Ό

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

πŸ“– Read

via "National Vulnerability Database".
292 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Rising β€˜Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks πŸ•΄

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

πŸ“– Read

via "Dark Reading".
Dark Reading
Rising 'Firebrick Ostrich' BEC Group Launches Industrial-Scale Cyberattacks
The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.
332 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 6 Examples of the Evolution of a Scam Site πŸ•΄

Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.

πŸ“– Read

via "Dark Reading".
Dark Reading
6 Examples of the Evolution of a Scam Site
Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.
πŸ‘1
355 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36401 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet Γ’β‚¬β€œ For WooCommerce plugin <= 1.3.24 versions.

πŸ“– Read

via "National Vulnerability Database".
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0253 β€Ό

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

πŸ“– Read

via "National Vulnerability Database".
289 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48113 β€Ό

A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3560 β€Ό

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48082 β€Ό

Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag.

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-45067 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0576 β€Ό

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte DB: v2.17.0.0.

πŸ“– Read

via "National Vulnerability Database".
171 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24574 β€Ό

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-46842 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48140 β€Ό

DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48130 β€Ό

Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-46815 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.

πŸ“– Read

via "National Vulnerability Database".
201 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40692 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

πŸ“– Read

via "National Vulnerability Database".
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48114 β€Ό

RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48079 β€Ό

Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system.

πŸ“– Read

via "National Vulnerability Database".
314 views