πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30382 β€Ό

A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters.

πŸ“– Read

via "National Vulnerability Database".
392 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31759 β€Ό

Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.

πŸ“– Read

via "National Vulnerability Database".
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31761 β€Ό

Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.

πŸ“– Read

via "National Vulnerability Database".
355 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31763 β€Ό

Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.

πŸ“– Read

via "National Vulnerability Database".
352 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2496 β€Ό

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.

πŸ“– Read

via "National Vulnerability Database".
317 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2498 β€Ό

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

πŸ“– Read

via "National Vulnerability Database".
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31762 β€Ό

Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.

πŸ“– Read

via "National Vulnerability Database".
386 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2494 β€Ό

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.

πŸ“– Read

via "National Vulnerability Database".
434 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Rogue IT worker extorted company after hijacking ransomware attack πŸ“’

Liles’ involvement in the scheme was revealed after unauthorized email access was traced to his home address

πŸ“– Read

via "ITPro".
ITPro
Rogue IT worker extorted company after hijacking ransomware attack
Liles’ involvement in the scheme was revealed after unauthorized email access was traced to his home address
392 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Azure AD vulnerability gave attackers backdoor authentication control πŸ“’

Secureworks shared its findings with Microsoft in 2022, and the company has since issued changes to improve audit logs

πŸ“– Read

via "ITPro".
ITPro
Azure AD vulnerability gave attackers backdoor authentication control
Secureworks shared its findings with Microsoft in 2022, and the company has since issued changes to improve audit logs
392 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Do risk awareness and risk management strategies actually make a difference? πŸ“’

If cyber attacks are a matter of when, not if, it's tempting to ask whether risk awareness and risk management are effective

πŸ“– Read

via "ITPro".
ITPro
Do risk awareness and risk management strategies actually make a difference?
If cyber attacks are a matter of when, not if, it's tempting to ask whether risk awareness and risk management are effective
378 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2859 β€Ό

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

πŸ“– Read

via "National Vulnerability Database".
373 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0357 β€Ό

Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.This issue affects:Bitdefender Total Securityversions prior to 26.0.10.45.Bitdefender Internet Securityversions prior to 26.0.10.45.Bitdefender Antivirus Plusversions prior to 26.0.10.45.

πŸ“– Read

via "National Vulnerability Database".
430 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1424 β€Ό

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.

πŸ“– Read

via "National Vulnerability Database".
472 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 5 Questions to Ask When Evaluating a New Cybersecurity Technology πŸ•΄

Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

πŸ“– Read

via "Dark Reading".
Dark Reading
5 Questions to Ask When Evaluating a New Cybersecurity Technology
Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.
422 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2750 β€Ό

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.

πŸ“– Read

via "National Vulnerability Database".
366 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33009 β€Ό

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

πŸ“– Read

via "National Vulnerability Database".
344 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33937 β€Ό

Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.

πŸ“– Read

via "National Vulnerability Database".
330 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33010 β€Ό

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

πŸ“– Read

via "National Vulnerability Database".
380 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2065 β€Ό

Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 .

πŸ“– Read

via "National Vulnerability Database".
397 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks πŸ•΄

Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.

πŸ“– Read

via "Dark Reading".
Dark Reading
Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks
Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.
389 views