🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-30053 ‼

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29939 ‼

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29941 ‼

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29933 ‼

llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30243 ‼

Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30434 ‼

IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29942 ‼

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30013 ‼

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30054 ‼

TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38707 ‼

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

📖 Read

via "National Vulnerability Database".
⚠ S3 Ep133: Apple takes “tight-lipped” to a whole new level ⚠

Entertaining, educational, and all in plain English 🎧📖

📖 Read

via "Naked Security".
⚠ World Password Day: 2 + 2 = 4 ⚠

We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!

📖 Read

via "Naked Security".
⚠ PHP Packagist supply chain poisoned by hacker “looking for a job” ⚠

I pwned you! Gizza job! You know it makes sense!

📖 Read

via "Naked Security".
🕴 Attackers Route Malware Activity Over Popular CDNs 🕴

One way to hide malicious activity is to make it look benign by blending in with regular traffic passing through content delivery networks (CDNs) and cloud service providers, according to a Netskope report.

📖 Read

via "Dark Reading".
‼ CVE-2023-29659 ‼

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-26285 ‼

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32269 ‼

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

📖 Read

via "National Vulnerability Database".
🕴 Apple Patches Bluetooth Flaw in AirPods, Beats 🕴

Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.

📖 Read

via "Dark Reading".
🕴 Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges 🕴

Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.

📖 Read

via "Dark Reading".
‼ CVE-2023-2427 ‼

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-4914 ‼

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

📖 Read

via "National Vulnerability Database".