πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29860 β€Ό

An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.

πŸ“– Read

via "National Vulnerability Database".
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3302 β€Ό

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

πŸ“– Read

via "National Vulnerability Database".
256 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-34012 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <=Γ‚ 2.8.24 versions.

πŸ“– Read

via "National Vulnerability Database".
265 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32580 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <=Γ‚ 2.6.2 versions.

πŸ“– Read

via "National Vulnerability Database".
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3304 β€Ό

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

πŸ“– Read

via "National Vulnerability Database".
287 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-28751 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <=Γ‚ 2.0.3 versions.

πŸ“– Read

via "National Vulnerability Database".
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29100 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <=Γ‚ 11.6.0 versions.

πŸ“– Read

via "National Vulnerability Database".
323 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3303 β€Ό

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

πŸ“– Read

via "National Vulnerability Database".
344 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep140: So you think you know ransomware? ⚠

Lots to learn this week - listen now! (Full transcript inside.)

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
374 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Aussie PM says, β€œShut down your phone every 24 hours for 5 mins” – but that’s not enough on its own ⚠

Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.

πŸ“– Read

via "Naked Security".
445 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36274 β€Ό

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

πŸ“– Read

via "National Vulnerability Database".
378 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36271 β€Ό

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

πŸ“– Read

via "National Vulnerability Database".
382 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Black Hat Asia 2023: Cybersecurity Maturity and Concern in Asia πŸ•΄

Black Hat Asia 2023 showed that cybersecurity is nascent among organizations in Asia with opportunities for improvement.

πŸ“– Read

via "Dark Reading".
Dark Reading
Black Hat Asia 2023: Cybersecurity Maturity and Concern in Asia
Black Hat Asia 2023 showed that cybersecurity is nascent among organizations in Asia with opportunities for improvement.
377 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft Teams Attack Skips the Phish to Deliver Malware Directly πŸ•΄

Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.

πŸ“– Read

via "Dark Reading".
Dark Reading
Microsoft Teams Attack Skips the Phish to Deliver Malware Directly
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
375 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Why Legacy System Users Prioritize Uptime Over Security πŸ•΄

For line-of-business execs, the fear of grinding mission-critical systems to a halt overrides the fear of ransomware. How can CISOs overcome this?

πŸ“– Read

via "Dark Reading".
Dark Reading
Why Legacy System Users Prioritize Uptime Over Security
For line-of-business execs, the fear of mission-critical systems grinding to a halt overrides their cybersecurity concerns. How can CISOs overcome this?
386 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-34466 β€Ό

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.

πŸ“– Read

via "National Vulnerability Database".
376 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35151 β€Ό

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
397 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Suspicious Smartwatches Mailed to US Army Personnel πŸ•΄

Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.

πŸ“– Read

via "Dark Reading".
Dark Reading
Suspicious Smartwatches Mailed to US Army Personnel
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
365 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-42807 β€Ό

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key

πŸ“– Read

via "National Vulnerability Database".
❀1
345 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35159 β€Ό

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.

πŸ“– Read

via "National Vulnerability Database".
342 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-42834 β€Ό

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression

πŸ“– Read

via "National Vulnerability Database".
335 views