🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-28127 ‼

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

via "National Vulnerability Database".
♟️ Microsoft Patch Tuesday, May 2023 Edition ♟️

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.

via "Krebs on Security".
‼ CVE-2023-25833 ‼

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).

via "National Vulnerability Database".
‼ CVE-2022-36330 ‼

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: through 9.4.0-191; ibi: through 9.4.0-191.

via "National Vulnerability Database".
‼ CVE-2023-30777 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.

via "National Vulnerability Database".
‼ CVE-2023-22361 ‼

Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.

via "National Vulnerability Database".
‼ CVE-2023-27385 ‼

Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.

via "National Vulnerability Database".
‼ CVE-2023-32570 ‼

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.

via "National Vulnerability Database".
‼ CVE-2023-24392 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.

via "National Vulnerability Database".
‼ CVE-2023-27889 ‼

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.

via "National Vulnerability Database".
‼ CVE-2023-22711 ‼

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions.

via "National Vulnerability Database".
⚠ Low-level motherboard security keys leaked in MSI breach, claim researchers ⚠

What can you do if someone steals your keys but you can't change the lock? We explain the dilemma in plain English.

via "Naked Security".
📒 Capita cyber attack could cost firm up to $25 million in fees 📒

Capita’s costs in the wake of a cyber attack could exceed expectations, experts have warned

via "ITPro".
📒 How the channel can help secure the future of work 📒

Hybrid work security issues pose challenges for businesses, but this is where the channel has an opportunity to step in and support partners

via "ITPro".
⚠ Bootkit zero-day fix – is this Microsoft’s most cautious patch ever? ⚠

When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...

via "Naked Security".
‼ CVE-2022-47137 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions.

via "National Vulnerability Database".
‼ CVE-2022-46861 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <= 6.2 versions.

via "National Vulnerability Database".
‼ CVE-2022-47600 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions.

via "National Vulnerability Database".
‼ CVE-2022-47423 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.

via "National Vulnerability Database".
‼ CVE-2022-27856 ‼

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions.

via "National Vulnerability Database".
‼ CVE-2022-47436 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MantraBrain Yatra plugin <= 2.1.14 versions.

via "National Vulnerability Database".