πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0971 β€Ό

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

πŸ“– Read

via "National Vulnerability Database".
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-25435 β€Ό

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

πŸ“– Read

via "National Vulnerability Database".
347 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33591 β€Ό

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.

πŸ“– Read

via "National Vulnerability Database".
365 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-0969 β€Ό

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.

πŸ“– Read

via "National Vulnerability Database".
376 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33289 β€Ό

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.

πŸ“– Read

via "National Vulnerability Database".
400 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Beware bad passwords as attackers co-opt Linux servers into cybercrime ⚠

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
❀1πŸ‘1
427 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Apple patch fixes zero-day kernel hole reported by Kaspersky – update now! ⚠

Apple didn't use the words "Triangulation Trojan", but you probably will.

πŸ“– Read

via "Naked Security".
479 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Ironscales Adds AI Assistant to Suss Out Phishing Attempts πŸ•΄

The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.

πŸ“– Read

via "Dark Reading".
Dark Reading
Ironscales Adds AI Assistant to Suss Out Phishing Attempts
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.
591 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-28956 β€Ό

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.

πŸ“– Read

via "National Vulnerability Database".
602 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33842 β€Ό

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

πŸ“– Read

via "National Vulnerability Database".
❀1
646 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-28166 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <=Γ‚ 1.0.0 versions.

πŸ“– Read

via "National Vulnerability Database".
❀1
611 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27413 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <=Γ‚ 2.4.4 versions.

πŸ“– Read

via "National Vulnerability Database".
606 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29708 β€Ό

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.

πŸ“– Read

via "National Vulnerability Database".
❀1
581 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign πŸ•΄

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

πŸ“– Read

via "Dark Reading".
Dark Reading
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
563 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Lessons From a Pen Tester: 3 Steps to Stay Safer πŸ•΄

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

πŸ“– Read

via "Dark Reading".
Dark Reading
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
493 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27452 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator Γ’β‚¬β€œ easily Button Builder plugin <=Γ‚ 2.3.3 versions.

πŸ“– Read

via "National Vulnerability Database".
461 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35093 β€Ό

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Γ’β‚¬β€œ for Online Courses and Education plugin <=Γ‚ 3.0.8 versions allowsΓ‚ any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order likeΓ‚ email, username, and more.

πŸ“– Read

via "National Vulnerability Database".
❀1
460 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ IT Staff Increasingly Saddled With Data Protection Compliance πŸ•΄

Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β€” leaving organizations unsure if they're compliant at all.

πŸ“– Read

via "Dark Reading".
Dark Reading
IT Staff Increasingly Saddled With Data Protection Compliance
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β€” leaving organizations unsure if they're compliant at all.
475 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 6 Attack Surfaces You Must Protect πŸ•΄

More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.

πŸ“– Read

via "Dark Reading".
Dark Reading
6 Attack Surfaces You Must Protect
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.
434 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild πŸ•΄

A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.

πŸ“– Read

via "Dark Reading".
Dark Reading
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
407 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36362 β€Ό

An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

πŸ“– Read

via "National Vulnerability Database".
386 views