Cybersecurity & Privacy - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

Why zero trust strategies fail

Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid.

📖 Read

via "ITPro".
‼ CVE-2023-2535 ‼

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2540 ‼

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-45048 ‼

Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-40331 ‼

An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2539 ‼

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32235 ‼

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2536 ‼

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28068 ‼

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2537 ‼

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📖 Read

via "National Vulnerability Database".
🕴 Google Expands Passkey Support with Passwordless Authentication 🕴

One year after Apple, Google and Microsoft pledged to support the FIDO Alliance's passkeys standard, support is growing, though still early in adoption.

📖 Read

via "Dark Reading".
🕴 The (Security) Cost of Too Much Data Privacy 🕴

The online fraud prevention industry has taken the brunt of increased privacy actions.

📖 Read

via "Dark Reading".
🕴 2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware 🕴

Sweeping changes implemented since the May 2021 cyberattack are helping -- but more work remains to be done, security experts say.

📖 Read

via "Dark Reading".
πŸ‘1
‼ CVE-2023-30242 ‼

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.

📖 Read

via "National Vulnerability Database".
🕴 New White House AI Initiatives Include AI Software-Vetting Event at DEF CON 🕴

The Biden administration outlined its plans to ensure responsible AI development — cyber-risk is a core element.

📖 Read

via "Dark Reading".
‼ CVE-2022-43919 ‼

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29935 ‼

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29932 ‼

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-22874 ‼

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29934 ‼

llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30053 ‼

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.

📖 Read

via "National Vulnerability Database".