๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด 20 Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks ๐Ÿ•ด

The notorious APT15 used common malware tools and a third-generation custom 'Graphican' backdoor to continue its information gathering exploits, this time against foreign ministries.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks
The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information gathering exploits, this time against foreign ministries.
383 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-0972 โ€ผ

Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

๐Ÿ“– Read

via "National Vulnerability Database".
361 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24261 โ€ผ

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

๐Ÿ“– Read

via "National Vulnerability Database".
343 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3110 โ€ผ

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

๐Ÿ“– Read

via "National Vulnerability Database".
344 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-0970 โ€ผ

Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.

๐Ÿ“– Read

via "National Vulnerability Database".
351 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-0971 โ€ผ

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

๐Ÿ“– Read

via "National Vulnerability Database".
350 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25435 โ€ผ

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

๐Ÿ“– Read

via "National Vulnerability Database".
347 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33591 โ€ผ

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.

๐Ÿ“– Read

via "National Vulnerability Database".
365 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-0969 โ€ผ

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.

๐Ÿ“– Read

via "National Vulnerability Database".
376 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33289 โ€ผ

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.

๐Ÿ“– Read

via "National Vulnerability Database".
400 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  Beware bad passwords as attackers co-opt Linux servers into cybercrime โš 

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
โค1๐Ÿ‘1
427 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  Apple patch fixes zero-day kernel hole reported by Kaspersky โ€“ update now! โš 

Apple didn't use the words "Triangulation Trojan", but you probably will.

๐Ÿ“– Read

via "Naked Security".
479 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Ironscales Adds AI Assistant to Suss Out Phishing Attempts ๐Ÿ•ด

The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Ironscales Adds AI Assistant to Suss Out Phishing Attempts
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.
591 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28956 โ€ผ

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.

๐Ÿ“– Read

via "National Vulnerability Database".
602 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33842 โ€ผ

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

๐Ÿ“– Read

via "National Vulnerability Database".
โค1
646 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28166 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <=ร‚ 1.0.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
โค1
611 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-27413 โ€ผ

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <=ร‚ 2.4.4 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
606 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-29708 โ€ผ

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.

๐Ÿ“– Read

via "National Vulnerability Database".
โค1
581 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign ๐Ÿ•ด

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
563 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Lessons From a Pen Tester: 3 Steps to Stay Safer ๐Ÿ•ด

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
493 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-27452 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator รขโ‚ฌโ€œ easily Button Builder plugin <=ร‚ 2.3.3 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
461 views