πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29349 β€Ό

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
446 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32027 β€Ό

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
483 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-34845 β€Ό

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.

πŸ“– Read

via "National Vulnerability Database".
516 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32026 β€Ό

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
500 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3291 β€Ό

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

πŸ“– Read

via "National Vulnerability Database".
535 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2788 β€Ό

Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.

πŸ“– Read

via "National Vulnerability Database".
512 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-34154 β€Ό

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.

πŸ“– Read

via "National Vulnerability Database".
522 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2786 β€Ό

Mattermost fails to properly check theΓ‚ permissions when executing commands allowing a member with no permissionsΓ‚ to post a message in a channel to actually post it by executing channel commands.

πŸ“– Read

via "National Vulnerability Database".
521 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Latest arrest places LockBit firmly in the crosshairs of international cyber police πŸ“’

The threat group could be set for a fate reminiscent of REvil

πŸ“– Read

via "ITPro".
ITPro
Latest arrest places LockBit firmly in the crosshairs of international cyber police
The threat group could be set for a fate reminiscent of REvil
469 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2785 β€Ό

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation ofΓ‚ large log files

πŸ“– Read

via "National Vulnerability Database".
462 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2793 β€Ό

Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
463 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ HashiCorp Expands PAM, Secrets Management Capabilities πŸ•΄

The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.

πŸ“– Read

via "Dark Reading".
Dark Reading
HashiCorp Expands PAM, Secrets Management Capabilities
The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.
484 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cybercrime Doesn't Take a Vacation πŸ•΄

Organizations need to prepare for security threats as summer holidays approach.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cybercrime Doesn't Take a Vacation
Organizations need to prepare for security threats as summer holidays approach.
453 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26537 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <=Γ‚ 1.0.2 versions.

πŸ“– Read

via "National Vulnerability Database".
❀1
431 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26527 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <=Γ‚ 1.4 versions.

πŸ“– Read

via "National Vulnerability Database".
❀2
438 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Attackers Create Synthetic Security Researchers to Steal IP πŸ•΄

Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.

πŸ“– Read

via "Dark Reading".
Dark Reading
Attackers Create Synthetic Security Researchers to Steal IP
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.
505 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35783 β€Ό

The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.

πŸ“– Read

via "National Vulnerability Database".
❀1
453 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps πŸ•΄

Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions β€” an all too common issue in an area where mobile-only is common and cyber awareness is low.

πŸ“– Read

via "Dark Reading".
Dark Reading
Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps
Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions β€” an all too common issue in an area where mobile-only is the norm and cyber awareness is low.
487 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Suricata IDPE 6.0.13 πŸ› 

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.13 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
468 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30453 β€Ό

The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.

πŸ“– Read

via "National Vulnerability Database".
452 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-34733 β€Ό

A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.

πŸ“– Read

via "National Vulnerability Database".
496 views