🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-47444 ‼

Unauthenticated reflected cross-site scripting (XSS) vulnerability in the ProfilePress Membership Team's WordPress plugin "Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress", versions <= 4.5.3.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-48431 ‼

In JetBrains IntelliJ IDEA before 2023.1, Gradle and Maven projects could in some cases be imported without the "Trust Project" confirmation.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-48432 ‼

In JetBrains IntelliJ IDEA before 2023.1, the bundled version of Chromium was not sandboxed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23861 ‼

Cross-Site Request Forgery (CSRF) vulnerability in the GMAce WordPress plugin by German Mesky, versions <= 1.5.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-47438 ‼

Authenticated (Editor role or higher) stored cross-site scripting (XSS) vulnerability in the WpDevArt "Booking calendar, Appointment Booking System" WordPress plugin, versions <= 3.2.3.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-47433 ‼

Unauthenticated reflected cross-site scripting (XSS) vulnerability in the Multi Rating WordPress plugin by Daniel Powney, versions <= 5.0.5.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38077 ‼

Cross-Site Request Forgery (CSRF) vulnerability in the WP OnlineSupport / Essential Plugin WordPress plugin "Popup Anything – A Marketing Popup and Lead Generation Conversions", versions <= 2.2.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-48430 ‼

In JetBrains IntelliJ IDEA before 2023.1, file content could be disclosed via an external stylesheet path in the Markdown preview.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-48433 ‼

In JetBrains IntelliJ IDEA before 2023.1, the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28158 ‼

Privilege escalation via stored XSS, using the file upload service to upload malicious content. The issue can only be exploited by authenticated users who are able to create a directory name: by injecting XSS content into that name they can gain privileges such as those of an admin user.

📖 Read

via "National Vulnerability Database".
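The XSS entries above (ProfilePress, Multi Rating, Booking Calendar and the directory-name case just described) are one bug class: text an attacker stored or supplied is copied into a page without output encoding, and when an administrator views that page the script runs with the administrator's session, which is the privilege-escalation step the last entry names. The Python below is an added illustration, not code from any of the affected projects: a directory-listing renderer in its vulnerable shape beside a hardened one that encodes for the two output contexts a listing actually has (a URL path segment inside href, and HTML text). The SAMPLE_NAMES payload, the /browse/ path and the NAME_RE allowlist are constructed for the example.

```python
import html
import re
from urllib.parse import quote

# Constructed sample input: a benign directory name and one carrying a stored-XSS payload.
SAMPLE_NAMES = ["reports-2023", "<img src=x onerror=alert(document.cookie)>"]

# Hypothetical allowlist for names chosen at upload time: ASCII word characters, dot
# and dash, no leading dot, 1-64 characters. Input validation is defence in depth;
# the output encoding below is what actually prevents the XSS.
NAME_RE = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}$")


def is_valid_dirname(name: str) -> bool:
    """Reject anything outside the allowlist, which also excludes '.', '..' and markup."""
    return NAME_RE.fullmatch(name) is not None


def render_listing_unsafe(names):
    """The vulnerable shape: the stored name is concatenated straight into markup, so a
    name like SAMPLE_NAMES[1] becomes a live <img> tag for every user who views the
    listing, including an administrator."""
    rows = "".join(f'<li><a href="/browse/{n}">{n}</a></li>' for n in names)
    return f"<ul>{rows}</ul>"


def render_listing_safe(names):
    """Hardened shape: encode for each output context separately. Inside href the name
    is a URL path segment, so it is percent-encoded (safe="" also encodes '/');
    the visible text is HTML-escaped with quotes included, which would also make it
    safe inside a quoted attribute value."""
    rows = "".join(
        f'<li><a href="/browse/{quote(n, safe="")}">{html.escape(n, quote=True)}</a></li>'
        for n in names
    )
    return f"<ul>{rows}</ul>"


def payload_survives(rendered: str, payload: str) -> bool:
    """True if the raw payload string reached the output as live markup."""
    return payload in rendered


if __name__ == "__main__":
    print(render_listing_unsafe(SAMPLE_NAMES))
    print(render_listing_safe(SAMPLE_NAMES))
```

The same payload that survives verbatim in the unsafe listing appears in the safe one only as `&lt;img ...&gt;` text and a percent-encoded path segment; a browser renders it as a filename rather than executing it.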
🕴 The CISO Mantra: Get Ready to Do More With Less 🕴

For the foreseeable future, with the spending spigots closing, CISOs will need to find ways to do more with less.

📖 Read

via "Dark Reading".
‼ CVE-2023-28892 ‼

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.

📖 Read

via "National Vulnerability Database".
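The AdwCleaner entry describes the general pattern behind privileged-delete bugs: a process running with high privileges deletes a path under a directory a lower-privileged user can modify, and that user swaps a directory component for a link so the delete lands on a file they could not otherwise touch. The Python below is an added example (not AdwCleaner code) showing the POSIX form of the mitigation: walk the path one component at a time relative to the previous directory descriptor with O_NOFOLLOW, so a link at any level is refused instead of followed, and delete the leaf relative to the last descriptor so there is no window between check and use. The layout Logs/Debug.log, the names safe_unlink, naive_unlink and demo are constructed for the illustration; on Windows the same idea is implemented with reparse-point handling rather than these calls and is not shown here.

```python
import errno
import os
import stat
import tempfile


def naive_unlink(root: str, rel_path: str) -> str:
    """The vulnerable shape: join and delete. os.remove resolves every directory
    component, so a symlink the user dropped into the path redirects the delete."""
    os.remove(os.path.join(root, rel_path))
    return "deleted"


def safe_unlink(root: str, rel_path: str) -> str:
    """Delete root/rel_path without following a symlink at any path component.

    root must be a directory the privileged process trusts (not writable by the
    unprivileged users it protects against); rel_path is the part they may influence.
    Each directory component is opened relative to the previous descriptor with
    O_NOFOLLOW (openat semantics), so check and use happen on the same object and a
    link swapped in at any level is refused. Returns "deleted" or "refused: <reason>".
    """
    parts = [p for p in rel_path.replace("\\", "/").split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        return "refused: empty or traversing path"
    dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in parts[:-1]:
            try:
                next_fd = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                                  dir_fd=dir_fd)
            except OSError as exc:
                # ELOOP: component is a symlink; ENOTDIR: a file where a dir was expected.
                if exc.errno in (errno.ELOOP, errno.ENOTDIR, errno.ENOENT):
                    return f"refused: {comp!r} is a symlink, missing, or not a directory"
                raise
            os.close(dir_fd)
            dir_fd = next_fd
        leaf = parts[-1]
        try:
            st = os.lstat(leaf, dir_fd=dir_fd)
        except FileNotFoundError:
            return "refused: target does not exist"
        if stat.S_ISLNK(st.st_mode):
            return f"refused: {leaf!r} is a symlink"
        if not stat.S_ISREG(st.st_mode):
            return f"refused: {leaf!r} is not a regular file"
        os.unlink(leaf, dir_fd=dir_fd)  # unlink never follows the leaf itself
        return "deleted"
    finally:
        os.close(dir_fd)


def demo() -> dict:
    """Constructed scenario mirroring the advisory: the privileged cleaner expects to
    delete <root>/Logs/Debug.log, but an unprivileged user has replaced Logs with a
    symlink to a directory holding a file they could not delete themselves."""
    root = tempfile.mkdtemp()
    protected = os.path.join(root, "protected")
    os.mkdir(protected)
    victim = os.path.join(protected, "Debug.log")
    open(victim, "w").close()
    os.symlink(protected, os.path.join(root, "Logs"))  # the attacker's link

    results = {}
    results["safe"] = safe_unlink(root, "Logs/Debug.log")
    results["victim_survives_safe"] = os.path.exists(victim)
    results["naive"] = naive_unlink(root, "Logs/Debug.log")
    results["victim_survives_naive"] = os.path.exists(victim)

    # Legitimate case: a real Logs directory with a real log file is still cleaned up.
    os.unlink(os.path.join(root, "Logs"))
    os.mkdir(os.path.join(root, "Logs"))
    legit = os.path.join(root, "Logs", "Debug.log")
    open(legit, "w").close()
    results["safe_legit"] = safe_unlink(root, "Logs/Debug.log")
    results["legit_survives"] = os.path.exists(legit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Refusing is the right failure mode here: a cleaner that cannot delete its own log loses nothing, whereas one that follows the link deletes whatever the attacker pointed it at with the process's privileges.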
‼ CVE-2023-26982 ‼

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1680 ‼

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2023-1663 ‼

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. Score 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1575 ‼

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

📖 Read

via "National Vulnerability Database".
⚠ Cops use fake DDoS services to take aim at wannabe cybercriminals ⚠

Thinking of trying a bit of DDoSing to get a feel for life at the fringes of the Dark Side? Don't do it!

📖 Read

via "Naked Security".
⚠ Apple patches everything, including a zero-day fix for iOS 15 users ⚠

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

📖 Read

via "Naked Security".
🕴 Using Observability to Power a Smarter Cybersecurity Strategy 🕴

With an infrastructure for observability, security teams can make better decisions about access and identity-based threats.

📖 Read

via "Dark Reading".
🕴 Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits 🕴

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

📖 Read

via "Dark Reading".
‼ CVE-2023-1704 ‼

Stored cross-site scripting (XSS) in the GitHub repository pimcore/pimcore prior to version 10.5.20.

📖 Read

via "National Vulnerability Database".