๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-0103 โ€ผ

If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.

๐Ÿ“– Read

via "National Vulnerability Database".
174 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-0102 โ€ผ

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.

๐Ÿ“– Read

via "National Vulnerability Database".
179 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-22806 โ€ผ

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
178 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-22803 โ€ผ

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

๐Ÿ“– Read

via "National Vulnerability Database".
193 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด 3 Ways CISOs Can Lead Effectively and Avoid Burnout ๐Ÿ•ด

Information security is a high-stakes field with sky-high expectations. Here's how CISOs can offset the pressures and stay healthy.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
3 Ways CISOs Can Lead Effectively and Avoid Burnout
Information security is a high-stakes field with sky-high expectations. Here's how CISOs can can offset the pressures and stay healthy.
๐Ÿ‘1
205 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future ๐Ÿ•ด

Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future
Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.
191 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด GAO Calls for Improved Data Privacy Protections ๐Ÿ•ด

US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
GAO Calls for Improved Data Privacy Protections
US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.
184 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit ๐Ÿ•ด

Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit
Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.
206 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23459 โ€ผ

Priority Windows may allow Command Execution via SQL Injection using an unspecified method.

๐Ÿ“– Read

via "National Vulnerability Database".
180 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23847 โ€ผ

A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

๐Ÿ“– Read

via "National Vulnerability Database".
185 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23466 โ€ผ

Media CP Media Control Panel latest version. Insufficiently protected credential change.

๐Ÿ“– Read

via "National Vulnerability Database".
172 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23458 โ€ผ

Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.

๐Ÿ“– Read

via "National Vulnerability Database".
157 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23464 โ€ผ

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
149 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23850 โ€ผ

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

๐Ÿ“– Read

via "National Vulnerability Database".
141 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47507 โ€ผ

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
136 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23461 โ€ผ

Libpeconv รขโ‚ฌโ€œ access violation, before commit b076013 (30/11/2022).

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47508 โ€ผ

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

๐Ÿ“– Read

via "National Vulnerability Database".
141 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23460 โ€ผ

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24498 โ€ผ

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23467 โ€ผ

Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint.

๐Ÿ“– Read

via "National Vulnerability Database".
143 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23836 โ€ผ

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.

๐Ÿ“– Read

via "National Vulnerability Database".
148 views