πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
26K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-4921 β€Ό

Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
689 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-4923 β€Ό

Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)

πŸ“– Read

via "National Vulnerability Database".
796 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37214 β€Ό

Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.

πŸ“– Read

via "National Vulnerability Database".
651 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37213 β€Ό

Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'

πŸ“– Read

via "National Vulnerability Database".
696 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32227 β€Ό

Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials

πŸ“– Read

via "National Vulnerability Database".
751 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32226 β€Ό

Sysaid - CWE-552: Files or Directories Accessible to External Parties -Γ‚ Authenticated users may exfiltrate files from the server via an unspecified method.

πŸ“– Read

via "National Vulnerability Database".
780 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32225 β€Ό

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -Γ‚ A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.

πŸ“– Read

via "National Vulnerability Database".
731 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37215 β€Ό

JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials

πŸ“– Read

via "National Vulnerability Database".
πŸ‘2
759 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4005 β€Ό

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

πŸ“– Read

via "National Vulnerability Database".
608 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4007 β€Ό

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

πŸ“– Read

via "National Vulnerability Database".
603 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4006 β€Ό

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

πŸ“– Read

via "National Vulnerability Database".
575 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35019 β€Ό

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.

πŸ“– Read

via "National Vulnerability Database".
475 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35016 β€Ό

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.

πŸ“– Read

via "National Vulnerability Database".
396 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-43831 β€Ό

IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.

πŸ“– Read

via "National Vulnerability Database".
402 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24971 β€Ό

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.

πŸ“– Read

via "National Vulnerability Database".
422 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4868 β€Ό

IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.

πŸ“– Read

via "National Vulnerability Database".
463 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-22595 β€Ό

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
484 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Server Inventory Checklist 🦿

It’s important to maintain accurate infrastructure inventories to assist secure and effective network administration. A checklist, like the accompanying file from TechRepublic Premium, is an easy and efficient way to begin the process of maintaining accurate infrastructure inventories. From the checklist: DON’T FORGET ABOUT FORGOTTEN SYSTEMS It’s common for technical network audits to surface forgotten ...

πŸ“– Read

via "Tech Republic".
TechRepublic
Server Inventory Checklist
It’s important to maintain accurate infrastructure inventories to assist secure and effective network administration. A checklist, like the accompanying
πŸ‘2
452 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Four measures SMBs can take to avoid common security pitfalls πŸ“’

Security can be challenging for SMBs, but it’s possible to make yourself more resilient to reduce the impact of cyber attacks

πŸ“– Read

via "ITPro".
ITPro
Four measures SMBs can take to avoid common security pitfalls
Security can be challenging for SMBs, but it’s possible to make yourself more resilient to reduce the impact of cyber attacks
434 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ SEC data breach rules branded β€œworryingly vague” by industry body πŸ“’

The new rules announced last week leave many questions unanswered, according to security industry experts

πŸ“– Read

via "ITPro".
ITPro
SEC data breach rules branded β€œworryingly vague” by industry body
The new rules announced last week leave many questions unanswered, according to security industry experts
401 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-34360 β€Ό

A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.Γ‚  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
390 views