🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
⚠ Thoughts on scheduled password changes (don’t call them rotations!) ⚠

Does swapping your password regularly make it a better password?

📖 Read via "Naked Security".
⚠ More MOVEit mitigations: new patches published for further protection ⚠

Good news... more patches, this time available proactively.

📖 Read via "Naked Security".
‼ CVE-2023-29752 ‼

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.

📖 Read via "National Vulnerability Database".
‼ CVE-2023-29755 ‼

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

📖 Read via "National Vulnerability Database".
🕴 Passkeys See Fresh Momentum With New Pilot Programs 🕴

Apple adds an API that will enable sharing of passkeys across platforms, and Google offers passkey authentication in beta for Google Workspace and Google Cloud.

📖 Read via "Dark Reading".
‼ CVE-2023-3188 ‼

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.

📖 Read via "National Vulnerability Database".
‼ CVE-2023-3191 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

📖 Read via "National Vulnerability Database".
‼ CVE-2023-3190 ‼

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

📖 Read via "National Vulnerability Database".
‼ CVE-2023-3192 ‼

Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.

📖 Read via "National Vulnerability Database".
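Session fixation in one picture. This is an added example, not code from Froxlor or from the advisory: it simulates a login handler against an in-memory session store (the store, the credential check and the user name are all constructed here) and replays the attack against a handler that keeps whatever session id the client presented, and against one that issues a fresh id at login.

```python
import secrets


class SessionStore:
    """Minimal in-memory session backend, constructed for this example."""

    def __init__(self):
        self.sessions = {}  # session id -> attributes

    def new(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_fixable(store, presented_sid, username, password, check_credentials):
    """Vulnerable pattern: the client-supplied session id is kept and simply
    upgraded to an authenticated session when the password checks out."""
    if presented_sid not in store.sessions:
        presented_sid = store.new()
    if check_credentials(username, password):
        store.sessions[presented_sid]["user"] = username
    return presented_sid


def login_hardened(store, presented_sid, username, password, check_credentials):
    """Fixed pattern: on successful authentication the pre-login session is
    destroyed and a fresh id is issued, so an id an attacker already knows
    never becomes an authenticated one."""
    if not check_credentials(username, password):
        return presented_sid  # still anonymous, nothing changes
    carried = store.sessions.pop(presented_sid, {})  # old id is now invalid
    fresh_sid = store.new()
    store.sessions[fresh_sid].update(carried)  # keep pre-login state if wanted
    store.sessions[fresh_sid]["user"] = username
    return fresh_sid


def fixation_succeeds(login):
    """Replays the attack against a login implementation and reports whether
    the attacker's pre-obtained id ends up bound to the victim's account."""
    store = SessionStore()

    def check(user, pw):  # stand-in credential check, constructed
        return (user, pw) == ("victim", "correct horse battery staple")

    attacker_sid = store.new()  # 1. attacker obtains any valid anonymous id
    # 2. attacker plants it in the victim's browser (cookie injection, URL
    #    parameter, ...) and the victim logs in with that id attached
    login(store, attacker_sid, "victim", "correct horse battery staple", check)
    # 3. attacker presents the id they already know
    session = store.get(attacker_sid)
    return session is not None and session.get("user") == "victim"


if __name__ == "__main__":
    print("fixable login hijacked:", fixation_succeeds(login_fixable))
    print("hardened login hijacked:", fixation_succeeds(login_hardened))
```

The fix is the same in any framework: invalidate the pre-authentication session and issue a new identifier at the moment privileges change (in PHP, session_regenerate_id(true) does exactly that), and never accept session ids from URL parameters.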
‼ CVE-2023-25912 ‼

The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.

📖 Read via "National Vulnerability Database".
‼ CVE-2023-22586 ‼

The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.

📖 Read via "National Vulnerability Database".
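What "Local File Inclusion in the file parameter" looks like in code, as an added example that is not the AK-EM100 firmware or anything from the advisory: a reader that joins the request parameter onto the web root unchecked, next to one that resolves the path, proves it is still inside the root and restricts the extension. The directory layout, file names and the ".html" allowlist are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".html"}  # what a web-report feature legitimately serves (assumption)


def read_report_vulnerable(web_root, file_param):
    """Vulnerable pattern: the request parameter is joined onto the web root
    unchecked. '../secret.txt' walks out of the root, and os.path.join drops
    the root entirely when the parameter is an absolute path."""
    return Path(os.path.join(web_root, file_param)).read_text()


def read_report_hardened(web_root, file_param):
    """Fixed pattern: resolve the candidate (collapsing '..' and following
    symlinks), prove it is still inside the real web root, and only then
    accept it if its extension is one the feature is meant to serve."""
    root = Path(web_root).resolve()
    candidate = (root / file_param).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError when outside root
    except ValueError:
        raise PermissionError(f"{file_param!r} resolves outside {root}") from None
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise PermissionError(f"{file_param!r} has a disallowed extension")
    return candidate.read_text()


def demo():
    """Builds a throwaway directory layout (constructed for this example) and
    runs both readers against a legitimate request and two traversal payloads."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        web_root = root / "webroot"
        web_root.mkdir()
        (web_root / "report.html").write_text("<h1>web report</h1>")
        secret = root / "secret.txt"  # deliberately outside the web root
        secret.write_text("db_password=hunter2")

        payloads = {
            "legit": "report.html",
            "relative_traversal": "../secret.txt",
            "absolute_path": str(secret),
        }
        results = {}
        for label, param in payloads.items():
            results["vuln_" + label] = read_report_vulnerable(web_root, param)
            try:
                results["hard_" + label] = read_report_hardened(web_root, param)
            except PermissionError:
                results["hard_" + label] = "BLOCKED"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:25s} {value}")
```

The containment check has to run on the resolved path, not on the raw string: a denylist for ".." misses absolute paths, encoded separators and symlinks inside the root that point outside it.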
‼ CVE-2023-35036 ‼

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

📖 Read via "National Vulnerability Database".
‼ CVE-2023-35031 ‼

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.

📖 Read via "National Vulnerability Database".
📒 Fighting the ‘always on’ culture that’s savaging mental health in cyber security 📒

With personnel already stretched due to skills shortages, workplace pressure is causing a mental health nightmare.

📖 Read via "ITPro".
‼ CVE-2015-10118 ‼

A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.

📖 Read via "National Vulnerability Database".
📒 Log4J exploits may rise further as Microsoft continues war on phishing 📒

Despite Log4J patches being made available almost immediately in 2021, exploit attempts are still in the tens of millions.

📖 Read via "ITPro".
🕴 Doing Less With Less: Focusing on Value 🕴

Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes.

📖 Read via "Dark Reading".
‼ CVE-2023-33492 ‼

EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).

📖 Read via "National Vulnerability Database".
‼ CVE-2023-33253 ‼

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.

📖 Read via "National Vulnerability Database".
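Why a name like shell.jpg.php.shell gets through: this is an added example, not LabCollector's code and not taken from the advisory. It contrasts a validator that applies a denylist to the final extension only (the last segment, ".shell", is not on the list, so the name passes) with an allowlist validator that accepts exactly one extension and stores the file under a server-generated name. The extension lists and file names are constructed for the demo.

```python
import re
import secrets
from pathlib import PurePosixPath

# Extensions an image/document upload feature would accept (assumption)
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}
# The kind of denylist a naive validator relies on
DENIED_EXTENSIONS = {"php", "phtml", "php3", "php4", "php5", "phps", "phar"}


def is_allowed_vulnerable(filename):
    """Vulnerable pattern: denylist checked against the final extension only.
    'shell.jpg.php.shell' ends in '.shell', which is not listed, so it passes.
    On a server that hands any name containing '.php' to the PHP handler
    (Apache's AddHandler considers every extension in a multi-extension
    name), the uploaded file then executes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DENIED_EXTENSIONS


def is_allowed_hardened(filename):
    """Fixed pattern: allowlist, exactly one extension, no directory parts,
    and a conservative character set for the stem."""
    name = PurePosixPath(filename).name
    if name != filename:          # a directory component was present
        return False
    parts = name.split(".")
    if len(parts) != 2:           # 'photo.jpg' ok; 'a.jpg.php.x' has 3 dots
        return False
    stem, ext = parts
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        return False
    return ext.lower() in ALLOWED_EXTENSIONS


def storage_name(filename):
    """Never keep the user-supplied name on disk: store under a random name
    with the validated extension, so a validation slip still gives the
    uploader no control over the path or the handler the server picks."""
    if not is_allowed_hardened(filename):
        raise ValueError(f"rejected upload name {filename!r}")
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    for name in ("photo.jpg", "shell.php", "shell.jpg.php.shell", "../photo.jpg"):
        print(f"{name:22s} naive={is_allowed_vulnerable(name)!s:5s} "
              f"hardened={is_allowed_hardened(name)}")
```

Extension checks are only one layer: the upload directory should also be served with script execution disabled (no PHP handler, or a handler-free location block), and the content should be sniffed or re-encoded where the format allows it.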
‼ CVE-2023-34581 ‼

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2.

📖 Read via "National Vulnerability Database".
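The injection class behind this entry and the MOVEit Transfer one above (CVE-2023-35036), as an added example that is not code from either product: a services lookup that pastes the id parameter into the SQL text, beside one that validates the parameter's type and binds it. The table, rows and payloads are constructed here, using an in-memory SQLite database; the same tautology and UNION payloads apply to any SQL backend.

```python
import sqlite3


def make_db():
    """In-memory stand-in for an application's services table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO services VALUES (?, ?, ?)",
        [(1, "Plumbing", "alice"), (2, "Catering", "bob"), (3, "Cleaning", "carol")],
    )
    return conn


def view_service_vulnerable(conn, id_param):
    """Vulnerable pattern: the 'id' request parameter becomes part of the SQL text."""
    sql = f"SELECT id, name, owner FROM services WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def view_service_hardened(conn, id_param):
    """Fixed pattern: enforce the type the parameter must have, then bind it.
    The database receives the query shape and the value separately, so no
    value can change the shape."""
    try:
        service_id = int(id_param)
    except (TypeError, ValueError):
        return []  # a 400 response in a real handler
    return conn.execute(
        "SELECT id, name, owner FROM services WHERE id = ?", (service_id,)
    ).fetchall()


def demo():
    """Runs both handlers against a normal request and two classic payloads."""
    conn = make_db()
    requests = {
        "normal": "2",
        # tautology: turns a single-row lookup into a full-table read
        "tautology": "2 OR 1=1",
        # UNION: reads a different table through the same endpoint;
        # sqlite_master holds the schema, and the column count must match
        "union": "0 UNION SELECT 0, name, sql FROM sqlite_master",
    }
    results = {}
    for label, param in requests.items():
        results["vuln_" + label] = view_service_vulnerable(conn, param)
        results["hard_" + label] = view_service_hardened(conn, param)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Binding alone would already defeat both payloads (the string "2 OR 1=1" would be compared to the id column as a value and match nothing); the int() cast on top turns malformed input into a clean client error instead of a silent empty result.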
‼ CVE-2023-32961 ‼

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.

📖 Read via "National Vulnerability Database".
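Output encoding for the XSS entries on this page (Teampass's "Improper Encoding or Escaping of Output", WP-CopyProtect's CopyProtect_nrc_text option, EyouCMS and Zotpress), as an added example that is not code from any of those projects: one value rendered into element text, an attribute value and an inline script, first raw and then encoded for each context. The template, the input field name and the payload are constructed for the demo; CopyProtect_nrc_text is reused only as a recognisable label.

```python
import html
import json


def render_notice_vulnerable(nrc_text):
    """Vulnerable pattern: an admin-supplied option (or a reflected request
    parameter) is interpolated into three different HTML contexts as-is."""
    return (
        f'<p class="notice">{nrc_text}</p>\n'
        f'<input type="text" name="CopyProtect_nrc_text" value="{nrc_text}">\n'
        f'<script>var notice = "{nrc_text}";</script>\n'
    )


def js_string_literal(value):
    """Encode for a JavaScript string inside an inline script. json.dumps
    gives a valid JS literal (quotes, backslashes and control characters
    escaped) but leaves '<', '>' and '&' alone, so a '</script>' inside the
    value would still end the script element early. Rewriting those three
    characters as JSON unicode escapes (the approach Django's json_script
    takes) closes that gap; the JS engine decodes them inside the literal."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def render_notice_hardened(nrc_text):
    """Fixed pattern: encode for the context the value lands in. html.escape
    with quote=True covers element text and quoted attribute values; the
    script context needs the JavaScript string encoding instead."""
    escaped = html.escape(nrc_text, quote=True)
    return (
        f'<p class="notice">{escaped}</p>\n'
        f'<input type="text" name="CopyProtect_nrc_text" value="{escaped}">\n'
        f'<script>var notice = {js_string_literal(nrc_text)};</script>\n'
    )


def injected_script_count(rendered):
    """Counts script starts the input contributed: the template has exactly
    one '<script>' of its own."""
    return rendered.count("<script>") - 1


PAYLOAD = '"><script>alert(1)</script>'  # constructed test input

if __name__ == "__main__":
    print(render_notice_vulnerable(PAYLOAD))
    print(render_notice_hardened(PAYLOAD))
```

In PHP the same split is htmlspecialchars($value, ENT_QUOTES, 'UTF-8') for text and attributes and json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP) for script data; WordPress plugins have esc_html(), esc_attr() and wp_json_encode() for the same three jobs. Escaping at output time, per context, is what a stored-XSS fix needs; stripping tags on input is neither sufficient nor reliable.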