🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-33362 ‼

Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23713 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin versions <= 5.20.

📖 Read

via "National Vulnerability Database".
🕴 A New Look for Risk in Awareness Training 🕴

Changes in the way risk is viewed are leading to changes in the way training is conducted.

📖 Read

via "Dark Reading".
⚠ PyPI open-source code repository deals with manic malware maelstrom ⚠

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

📖 Read

via "Naked Security".
‼ CVE-2023-25474 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin versions <= 2.2.6.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1209 ‼

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

📖 Read

via "National Vulnerability Database".
🕴 What Security Professionals Need to Know About Aggregate Cyber Risk 🕴

Widespread cyber incidents will happen, but unlike for natural disasters, specific security controls can help prevent a catastrophe.

📖 Read

via "Dark Reading".
‼ CVE-2023-1837 ‼

Missing Authentication for Critical Function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with Legacy APIs enabled).

📖 Read

via "National Vulnerability Database".
🕴 SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft 🕴

Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally.

📖 Read

via "Dark Reading".
‼ CVE-2023-31518 ‼

A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31752 ‼

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23298 ‼

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23300 ‼

The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
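The two Garmin CIQ entries above describe the same root cause in two shapes: a size computed from unvalidated parameters before an allocation (CVE-2023-23298, `BufferedBitmap.initialize`) and a length trusted before a copy (CVE-2023-23300, `Cipher.initialize`). The following C sketch is an added illustration of that bug class and its fix, not code from Garmin, from the NVD record or from this channel. The type names, the 4 MiB size cap and the 32-byte key buffer are assumptions chosen for the example; the constructed input 65536 x 65537 x 8 bpp is picked because its byte count is 2^32 + 65536 and wraps to 65536 in 32-bit arithmetic.

```c
/* Added illustration: parameter validation before allocation and before copy.
 * Hypothetical code, not Garmin's Toybox implementation; names and limits are
 * assumptions chosen to show the bug class. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BITMAP_BYTES (4u * 1024u * 1024u)   /* assumed policy cap: 4 MiB */
#define MAX_KEY_BYTES    32                     /* assumed fixed key buffer size */

typedef struct {
    uint32_t width, height, bpp;
    uint32_t size;        /* bytes actually allocated for pixels */
    uint8_t *pixels;
} bitmap_t;

typedef struct {
    uint8_t key[MAX_KEY_BYTES];
    size_t  key_len;
} cipher_ctx_t;

/* Defect pattern: the byte count is computed in 32-bit arithmetic with no
 * range check. For width=65536, height=65537, bpp=8 the true size is
 * 2^32 + 65536 bytes, but the product wraps to 65536, so the buffer that gets
 * allocated is far too small and later pixel writes run off the heap chunk. */
uint32_t bitmap_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * (bpp / 8);   /* unsigned wrap, silently */
}

/* Hardened: reject anything that would wrap or exceed the policy cap.
 * Returns 0 and writes *out on success, -1 on invalid parameters. */
int bitmap_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || height == 0) return -1;
    if (bpp == 0 || bpp % 8 != 0 || bpp > 32) return -1;
    uint32_t bytes_per_px = bpp / 8;
    if (width > UINT32_MAX / height) return -1;        /* width*height would wrap */
    uint32_t area = width * height;
    if (area > UINT32_MAX / bytes_per_px) return -1;   /* area*bytes_per_px would wrap */
    uint32_t total = area * bytes_per_px;
    if (total > MAX_BITMAP_BYTES) return -1;           /* larger than the device allows */
    *out = total;
    return 0;
}

/* Allocates only after validation; caller releases with bitmap_free(). */
bitmap_t *bitmap_create(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t size;
    if (bitmap_bytes_checked(width, height, bpp, &size) != 0) return NULL;
    bitmap_t *bm = calloc(1, sizeof *bm);
    if (!bm) return NULL;
    bm->pixels = calloc(size, 1);
    if (!bm->pixels) { free(bm); return NULL; }
    bm->width = width; bm->height = height; bm->bpp = bpp; bm->size = size;
    return bm;
}

void bitmap_free(bitmap_t *bm)
{
    if (bm) { free(bm->pixels); free(bm); }
}

/* Defect pattern for the copy case: the caller-supplied length is trusted, so
 * key_len > MAX_KEY_BYTES overruns ctx->key. Kept only for comparison with the
 * checked version below; never call it with an oversized key_len. */
void cipher_init_unchecked(cipher_ctx_t *ctx, const uint8_t *key, size_t key_len)
{
    memcpy(ctx->key, key, key_len);
    ctx->key_len = key_len;
}

/* Hardened: the length is checked against the destination before memcpy. */
int cipher_init_checked(cipher_ctx_t *ctx, const uint8_t *key, size_t key_len)
{
    if (key == NULL || key_len == 0 || key_len > sizeof ctx->key) return -1;
    memset(ctx, 0, sizeof *ctx);
    memcpy(ctx->key, key, key_len);
    ctx->key_len = key_len;
    return 0;
}

int main(void)
{
    /* Constructed input: an image whose byte count wraps past 2^32. */
    printf("unchecked size for 65536x65537x8: %" PRIu32 " bytes\n",
           bitmap_bytes_unchecked(65536u, 65537u, 8u));
    bitmap_t *bm = bitmap_create(65536u, 65537u, 8u);
    printf("checked create: %s\n", bm ? "accepted" : "rejected");
    bitmap_free(bm);

    /* Constructed input: a 64-byte key offered to a 32-byte key slot. */
    cipher_ctx_t ctx;
    uint8_t oversized[64] = {0};
    printf("64-byte key: %s\n",
           cipher_init_checked(&ctx, oversized, sizeof oversized) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The division-based checks are deliberately written in the 32-bit width the firmware would use rather than promoting to a wider type, since the target class of device is where the narrow arithmetic lives; on a 64-bit host the same product would not wrap, which is exactly why this bug class survives host-side unit tests.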
‼ CVE-2023-23303 ‼

The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31860 ‼

Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23302 ‼

The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23305 ‼

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31517 ‼

Teeworlds v0.7.5 was discovered to contain memory leaks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23304 ‼

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1508 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23299 ‼

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.

📖 Read

via "National Vulnerability Database".