🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-28413 ‼

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.

via "National Vulnerability Database".
‼ CVE-2023-31740 ‼

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.

via "National Vulnerability Database".
‼ CVE-2023-28394 ‼

Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

via "National Vulnerability Database".
‼ CVE-2023-25440 ‼

Stored Cross Site Scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code via the first/second name field.

via "National Vulnerability Database".
‼ CVE-2023-27923 ‼

Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.

via "National Vulnerability Database".
‼ CVE-2023-27514 ‼

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.

via "National Vulnerability Database".
‼ CVE-2023-26595 ‼

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

via "National Vulnerability Database".
📢 PyPI attack: Targeting of repository 'shows no sign of stopping' 📢

Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats

via "ITPro".
⚠ Phone scamming kingpin gets 13 years for running “iSpoof” service ⚠

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

via "Naked Security".
🕴 Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans 🕴

Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.

via "Dark Reading".
‼ CVE-2023-2483 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

via "National Vulnerability Database".
‼ CVE-2023-33338 ‼

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.

via "National Vulnerability Database".
‼ CVE-2023-31669 ‼

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").

via "National Vulnerability Database".
‼ CVE-2023-23724 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-23706 ‼

Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

via "National Vulnerability Database".
‼ CVE-2023-25707 ‼

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.

via "National Vulnerability Database".
‼ CVE-2023-25472 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-25481 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

via "National Vulnerability Database".
🛠 Stegano 0.11.2 🛠

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

via "Packet Storm Security".
🕴 Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking 🕴

A February 2022 attack knocked the giant tire maker's North American operations offline for several days.

via "Dark Reading".
🕴 Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses 🕴

Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.

via "Dark Reading".