πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47606 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <=Γ‚ 0.2.1 versions.

πŸ“– Read

via "National Vulnerability Database".
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47441 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <=Γ‚ 1.7.0.10 versions.

πŸ“– Read

via "National Vulnerability Database".
191 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-46817 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <=Γ‚ 2.3.3 versions.

πŸ“– Read

via "National Vulnerability Database".
201 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47587 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <=Γ‚ 1.4.5 versions.

πŸ“– Read

via "National Vulnerability Database".
212 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-33961 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <=Γ‚ 7.5.8 versions.

πŸ“– Read

via "National Vulnerability Database".
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47590 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <=Γ‚ 1.5.2 versions.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
254 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ US reveals bespoke tool that took down Russian malware operation πŸ“’

Snake had been used to steal NATO countries’ data for 20 years

πŸ“– Read

via "ITPro".
ITPro
US reveals bespoke tool that took down Russian malware operation
Snake had been used to steal NATO countries’ data for 20 years
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ New Startup SquareX Targets Brower-Based Attacks πŸ•΄

SquareX runs headless browsers in data centers on the user's behalf so that threats never reach the user's machine.

πŸ“– Read

via "Dark Reading".
Dark Reading
Startup SquareX Targets Browser-Based Attacks
SquareX runs headless browsers in data centers on the user's behalf so that threats never reach the user's machine.
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft Digital Defense Report: Trends In Device and Infrastructure Attacks πŸ•΄

In part two of this three-part series, Microsoft synthesizes the impact of IoT/OT security challenges and offers tips for strengthening security there.

πŸ“– Read

via "Dark Reading".
Dark Reading
Microsoft Digital Defense Report: Trends In Device and Infrastructure Attacks
In part two of this three-part series, Microsoft synthesizes the impact of IoT/OT security challenges and offers tips for strengthening security there.
277 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-45846 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin <Γ‚ 5.6.9 versions.

πŸ“– Read

via "National Vulnerability Database".
253 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1732 β€Ό

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read()Γ‚ returns an error. In rare deployment cases (error thrown by the Read()Γ‚ function), this could lead to a predictable shared secret.The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.

πŸ“– Read

via "National Vulnerability Database".
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The Industrywide Consequences of Making Security Products Inaccessible πŸ•΄

Accessibility won't solve all of the industry's problems, but it can help tackle a few.

πŸ“– Read

via "Dark Reading".
Dark Reading
The Industrywide Consequences of Making Security Products Inaccessible
Accessibility won't solve all of the industry's problems, but it can help tackle a few.
322 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27382 β€Ό

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27563 β€Ό

The n8n package 0.218.0 for Node.js allows Escalation of Privileges.

πŸ“– Read

via "National Vulnerability Database".
310 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-34147 β€Ό

Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
292 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41693 β€Ό

Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
192 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41687 β€Ό

Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41979 β€Ό

Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41621 β€Ό

Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-37409 β€Ό

Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-41699 β€Ό

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
139 views