πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 'Very Noisy:' For the Black Hat NOC, It's All Malicious Traffic All the Time πŸ•΄

Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events.

πŸ“– Read

via "Dark Reading".
Dark Reading
'Very Noisy': For the Black Hat NOC, It's All Malicious Traffic All the Time
Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events.
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep134: It’s a PRIVATE key – the hint is in the name! ⚠

Latest episode - listen now! (Full transcript inside.)

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
285 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ How Cybercriminals Adapted to Microsoft Blocking Macros by Default πŸ•΄

One long-awaited security move caused a ripple effect in the cybercrime ecosystem.

πŸ“– Read

via "Dark Reading".
Dark Reading
How Cybercriminals Adapted to Microsoft Blocking Macros by Default
One long-awaited security move caused a ripple effect in the cybercrime ecosystem.
257 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30768 β€Ό

Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
240 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29242 β€Ό

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
201 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31197 β€Ό

Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
183 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31922 β€Ό

QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.

πŸ“– Read

via "National Vulnerability Database".
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31199 β€Ό

Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27823 β€Ό

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.

πŸ“– Read

via "National Vulnerability Database".
155 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31914 β€Ό

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47880 β€Ό

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30763 β€Ό

Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31918 β€Ό

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1934 β€Ό

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
154 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31920 β€Ό

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-23867 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder Γ’β‚¬β€œ Buttons X plugin <=Γ‚ 0.8.6 versions.

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31921 β€Ό

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.

πŸ“– Read

via "National Vulnerability Database".
144 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32081 β€Ό

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47879 β€Ό

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods.

πŸ“– Read

via "National Vulnerability Database".
162 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31913 β€Ό

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.

πŸ“– Read

via "National Vulnerability Database".
171 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31916 β€Ό

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.

πŸ“– Read

via "National Vulnerability Database".
183 views