🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity 🕴

High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.

📖 Read

via "Dark Reading".
CVE-2023-0760

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.

📖 Read

via "National Vulnerability Database".
CVE-2023-0759

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

📖 Read

via "National Vulnerability Database".
OpenSSL fixes High Severity data-stealing bug – patch now!

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

📖 Read

via "Naked Security".
CVE-2023-22953

In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.

📖 Read

via "National Vulnerability Database".
CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.

📖 Read

via "National Vulnerability Database".
CVE-2023-0574

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0 through 2.13.

📖 Read

via "National Vulnerability Database".
🕴 Twitter Implements API Paywall; But Will That Solve Its Enormous Bot Crisis? 🕴

Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?

📖 Read

via "Dark Reading".
🗓️ New XSS Hunter host Truffle Security faces privacy backlash 🗓️

Anonymized numbers of bug discoveries swiftly deleted after pushback

📖 Read

via "The Daily Swig".
S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Latest episode. Listen now!

📖 Read

via "Naked Security".
🕴 In Perfect Harmony: Cybersecurity Regulation Harmonization 🕴

By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk — and better counter threats.

📖 Read

via "Dark Reading".
🕴 NIST Picks IoT Standard for Small Electronics Cybersecurity 🕴

NIST announces that it will use Ascon as a cryptography standard for lightweight IoT device protection.

📖 Read

via "Dark Reading".
CVE-2022-48293

The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

📖 Read

via "National Vulnerability Database".
CVE-2022-48301

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.

📖 Read

via "National Vulnerability Database".
CVE-2022-48295

The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).

📖 Read

via "National Vulnerability Database".
CVE-2023-22605

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

📖 Read

via "National Vulnerability Database".
CVE-2022-48292

The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

📖 Read

via "National Vulnerability Database".
CVE-2023-22604

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
CVE-2022-48300

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

📖 Read

via "National Vulnerability Database".
CVE-2022-48296

The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.

📖 Read

via "National Vulnerability Database".
CVE-2022-48294

The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

📖 Read

via "National Vulnerability Database".