๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30577 โ€ผ

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.

๐Ÿ“– Read

via "National Vulnerability Database".
576 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30949 โ€ผ

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

๐Ÿ“– Read

via "National Vulnerability Database".
547 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3414 โ€ผ

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information.ร‚ To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

๐Ÿ“– Read

via "National Vulnerability Database".
582 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3442 โ€ผ

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information.ร‚ To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.

๐Ÿ“– Read

via "National Vulnerability Database".
626 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3242 โ€ผ

Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime: <G4.93.

๐Ÿ“– Read

via "National Vulnerability Database".
696 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28013 โ€ผ

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.

๐Ÿ“– Read

via "National Vulnerability Database".
672 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3451 โ€ผ

** REJECT ** Duplicate CVE. Please use CVE-2023-32297.

๐Ÿ“– Read

via "National Vulnerability Database".
726 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  Zenbleed: How the quest for CPU performance could put your passwords at risk โš 

You need to turn on a special setting to stop (the code you wrote to stop [the code you wrote to improve performance] from reducing performance) from reducing security.

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
646 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ“ข Simplifying Surveillance: Key Factors to Consider for a Successful System Setup ๐Ÿ“ข

Unlocking the Secrets of Surveillance: Avoiding Costly Oversights and Simplifying Operations

๐Ÿ“– Read

via "ITPro".
ITPro
Simplifying Surveillance: Key Factors to Consider for a Successful System Setup
Unlocking the Secrets of Surveillance: Avoiding Costly Oversights and Simplifying Operations
550 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3970 โ€ผ

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
481 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3969 โ€ผ

A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568.

๐Ÿ“– Read

via "National Vulnerability Database".
444 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ›  TOR Virtual Network Tunneling Tool 0.4.7.14 ๐Ÿ› 

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

๐Ÿ“– Read

via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.7.14 โ‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
465 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿฆฟ 4 Most Dangerous and Destructive Ransomware Groups of 2023 ๐Ÿฆฟ

As ransomware attacks continue, a few key groups have inflicted some of the greatest damage to their victims. Use this guide to learn about their targets and tactics as well as how to safeguard against their attacks.

๐Ÿ“– Read

via "Tech Republic".
TechRepublic
4 Most Dangerous and Destructive Ransomware Groups of 2022
Use this guide to stay informed about the tactics and targets of some of the most dangerous and destructive ransomware groups.
464 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37980 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <=ร‚ 1.1 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
388 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-38512 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream รขโ‚ฌโ€œ Live Streaming, Video on Demand, Pay Per View plugin <=ร‚ 4.5.4 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
375 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37976 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <=ร‚ 2.5 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
355 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3975 โ€ผ

OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.

๐Ÿ“– Read

via "National Vulnerability Database".
307 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3974 โ€ผ

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0.

๐Ÿ“– Read

via "National Vulnerability Database".
274 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37979 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <=ร‚ 3.6.25 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
268 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-3973 โ€ผ

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.

๐Ÿ“– Read

via "National Vulnerability Database".
260 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-38490 โ€ผ

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods.XML External Entities (XXE) is a little used feature in the XML markup language that allows to include data from external files in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF).Kirby's `Xml::parse()` method used PHP's `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is used in the `Xml` data handler (e.g. `Data::decode($string, 'xml')`). Both the vulnerable method and the data handler are not used in the Kirby core. However they may be used in site or plugin code, e.g. to parse RSS feeds or other XML files. If those files are of an external origin (e.g. uploaded by a user or retrieved from an external URL), attackers may be able to include an external entity in the XML file that will then be processed in the parsing process. Kirby sites that don't use XML parsing in site or plugin code are *not* affected.The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and Kirby 3.9.6. In all of the mentioned releases, the maintainers have removed the `LIBXML_NOENT` constant as processing of external entities is out of scope of the parsing logic. This protects all uses of the method against the described vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
248 views