πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23863 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress Γ’β‚¬β€œ Easy Family Trees & Ancestor Profiles plugin <=Γ‚ 2.0.22 versions.

πŸ“– Read

via "National Vulnerability Database".
361 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24372 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <=Γ‚ 1.0.0 versions.

πŸ“– Read

via "National Vulnerability Database".
321 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23884 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <=Γ‚ 2.5.20 versions.

πŸ“– Read

via "National Vulnerability Database".
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2591 β€Ό

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

πŸ“– Read

via "National Vulnerability Database".
270 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23664 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <=Γ‚ 1.0.19 versions.

πŸ“– Read

via "National Vulnerability Database".
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23883 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityΓ‚ in David Gwyer WP Content Filter plugin <=Γ‚ 3.0.1 versions.

πŸ“– Read

via "National Vulnerability Database".
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23733 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <=Γ‚ 2.0.4 versions.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41640 β€Ό

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <=Γ‚ 2.1.5 versions.

πŸ“– Read

via "National Vulnerability Database".
184 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23732 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <=Γ‚ 11.0.6 versions.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23734 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike Γ’β‚¬β€œ WordPress Live Chat plugin <=Γ‚ 2.2 versions.

πŸ“– Read

via "National Vulnerability Database".
247 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23862 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <=Γ‚ 14.0 versions.

πŸ“– Read

via "National Vulnerability Database".
251 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23793 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <=Γ‚ 3.1 versions.

πŸ“– Read

via "National Vulnerability Database".
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Half of npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key πŸ•΄

For years, hackers could have tricked enterprises into downloading malware by simply de-capitalizing letters.

πŸ“– Read

via "Dark Reading".
Dark Reading
Npm Packages Vulnerable to Old-School Weapon: the 'Shift' Key
For years, hackers could have tricked enterprises into downloading malware by simply de-capitalizing letters in uppercase-named npm packages.
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Royal Ransomware Expands to Target Linux, VMware ESXi πŸ•΄

The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.

πŸ“– Read

via "Dark Reading".
Dark Reading
Royal Ransomware Expands to Target Linux, VMware ESXi
The ransomware gang has also started using the BatLoader dropper and SEO poisoning for initial access.
262 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Feds Take Down 13 More DDoS-for-Hire Services β™ŸοΈ

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to β€œbooter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

πŸ“– Read

via "Krebs on Security".
Krebs on Security
Feds Take Down 13 More DDoS-for-Hire Services
The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to β€œbooter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire…
230 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Keep Your Company Cyber Competent Without Adding Cyber Anxiety πŸ•΄

With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity.

πŸ“– Read

via "Dark Reading".
Dark Reading
Keep Your Company Cyber Competent Without Adding Cyber Anxiety
With the right attitude, businesses can maximize employee satisfaction and protection, without sacrificing productivity.
212 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31974 β€Ό

yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c.

πŸ“– Read

via "National Vulnerability Database".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29104 β€Ό

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30985 β€Ό

A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-46858 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <=Γ‚ 0.6.0 versions.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27407 β€Ό

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

πŸ“– Read

via "National Vulnerability Database".
120 views