πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Wiz Reaches $10B Valuation With Consolidated Cloud Security Platform πŸ•΄

Cloud security vendor Wiz has raised $900 million since its founding in 2020.

πŸ“– Read

via "Dark Reading".
Dark Reading
Wiz Reaches $10B Valuation With Consolidated Cloud Security Platform
Cloud security vendor Wiz has raised $900 million since its founding in 2020.
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Attackers Were on Network for 2 Years, News Corp Says πŸ•΄

The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.

πŸ“– Read

via "Dark Reading".
Dark Reading
Attackers Were on Network for 2 Years, News Corp Says
The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Active Digital Identity Apps to Surpass 4.1B by 2027 πŸ•΄



πŸ“– Read

via "Dark Reading".
Dark Reading
Active Digital Identity Apps to Surpass 4.1B by 2027
Hampshire, UK – 27th February 2023: A new study from Juniper Research has found that the number of digital identity apps in use will exceed 4.1 billion globally by 2027; rising from 2.3 billion in 2023.
219 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26041 β€Ό

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.

πŸ“– Read

via "National Vulnerability Database".
209 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26043 β€Ό

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

πŸ“– Read

via "National Vulnerability Database".
220 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24258 β€Ό

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

πŸ“– Read

via "National Vulnerability Database".
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1055 β€Ό

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

πŸ“– Read

via "National Vulnerability Database".
280 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2015-10086 β€Ό

A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.

πŸ“– Read

via "National Vulnerability Database".
301 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Beware rogue 2FA apps in App Store and Google Play – don’t get hacked! ⚠

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

πŸ“– Read

via "Naked Security".
Naked Security
Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!
Even in Apple’s and Google’s β€œwalled gardens”, there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
309 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Dutch police arrest three cyberextortion suspects who allegedly earned millions ⚠

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

πŸ“– Read

via "Naked Security".
Naked Security
Dutch police arrest three cyberextortion suspects who allegedly earned millions
Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?
πŸ‘1
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ LastPass: The crooks used a keylogger to crack a corporatre password vault ⚠

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

πŸ“– Read

via "Naked Security".
Naked Security
LastPass: Keylogger on home PC led to cracked corporate password vault
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn’t say which one!) on a developer’s home computer.
370 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-22995 β€Ό

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

πŸ“– Read

via "National Vulnerability Database".
315 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3884 β€Ό

Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.

πŸ“– Read

via "National Vulnerability Database".
323 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22283 β€Ό

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.

πŸ“– Read

via "National Vulnerability Database".
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-4895 β€Ό

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

πŸ“– Read

via "National Vulnerability Database".
308 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1081 β€Ό

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

πŸ“– Read

via "National Vulnerability Database".
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26105 β€Ό

All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function.

πŸ“– Read

via "National Vulnerability Database".
❀1
406 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36652 β€Ό

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

πŸ“– Read

via "National Vulnerability Database".
503 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win πŸ•΄

The war on critical infrastructure demands a better security strategy.

πŸ“– Read

via "Dark Reading".
Dark Reading
The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win
The war on critical infrastructure demands a better security strategy.
417 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1023 β€Ό

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.

πŸ“– Read

via "National Vulnerability Database".
343 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1028 β€Ό

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

πŸ“– Read

via "National Vulnerability Database".
240 views