🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-27514 ‼

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.

via "National Vulnerability Database".
‼ CVE-2023-26595 ‼

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

via "National Vulnerability Database".
📒 PyPI attack: Targeting of repository 'shows no sign of stopping' 📒

Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats

via "ITPro".
⚠ Phone scamming kingpin gets 13 years for running “iSpoof” service ⚠

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

via "Naked Security".
🕴 Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans 🕴

Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.

via "Dark Reading".
‼ CVE-2023-2483 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

via "National Vulnerability Database".
‼ CVE-2023-33338 ‼

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.

via "National Vulnerability Database".
‼ CVE-2023-31669 ‼

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").

via "National Vulnerability Database".
‼ CVE-2023-23724 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-23706 ‼

Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

via "National Vulnerability Database".
‼ CVE-2023-25707 ‼

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.

via "National Vulnerability Database".
‼ CVE-2023-25472 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-25481 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

via "National Vulnerability Database".
🛠 Stegano 0.11.2 🛠

Stegano is a basic Python steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

via "Packet Storm Security".
🕴 Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking 🕴

A February 2022 attack knocked the giant tire maker's North American operations offline for several days.

via "Dark Reading".
🕴 Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses 🕴

Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses.

via "Dark Reading".
‼ CVE-2023-30440 ‼

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned an SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.

via "National Vulnerability Database".
‼ CVE-2023-33359 ‼

Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.

via "National Vulnerability Database".
‼ CVE-2023-25056 ‼

Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-33617 ‼

An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.

via "National Vulnerability Database".
‼ CVE-2023-33361 ‼

Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.

via "National Vulnerability Database".