🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-0972 ‼

Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

via "National Vulnerability Database".
‼ CVE-2023-24261 ‼

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

via "National Vulnerability Database".
‼ CVE-2023-3110 ‼

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

via "National Vulnerability Database".
‼ CVE-2023-0970 ‼

Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.

via "National Vulnerability Database".
‼ CVE-2023-0971 ‼

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

via "National Vulnerability Database".
‼ CVE-2023-25435 ‼

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

via "National Vulnerability Database".
‼ CVE-2023-33591 ‼

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.

via "National Vulnerability Database".
‼ CVE-2023-0969 ‼

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.

via "National Vulnerability Database".
‼ CVE-2023-33289 ‼

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs.

via "National Vulnerability Database".
⚠ Beware bad passwords as attackers co-opt Linux servers into cybercrime ⚠

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

via "Naked Security".
❀1πŸ‘1
⚠ Apple patch fixes zero-day kernel hole reported by Kaspersky – update now! ⚠

Apple didn't use the words "Triangulation Trojan", but you probably will.

via "Naked Security".
🕴 Ironscales Adds AI Assistant to Suss Out Phishing Attempts 🕴

The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.

via "Dark Reading".
‼ CVE-2023-28956 ‼

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.

via "National Vulnerability Database".
‼ CVE-2023-33842 ‼

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

via "National Vulnerability Database".
‼ CVE-2023-28166 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-27413 ‼

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.

via "National Vulnerability Database".
‼ CVE-2023-29708 ‼

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x that allows attackers to force a factory reset via a crafted payload.

via "National Vulnerability Database".
🕴 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign 🕴

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

via "Dark Reading".
🕴 Lessons From a Pen Tester: 3 Steps to Stay Safer 🕴

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

via "Dark Reading".
‼ CVE-2023-27452 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-35093 ‼

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers, to view the "Orders" of the plugin and get the data related to the order, like email, username, and more.

via "National Vulnerability Database".