๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-40303 โ€ผ

GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

๐Ÿ“– Read

via "National Vulnerability Database".
427 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด 5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments ๐Ÿ•ด

Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.
402 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30186 โ€ผ

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

๐Ÿ“– Read

via "National Vulnerability Database".
314 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30187 โ€ผ

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

๐Ÿ“– Read

via "National Vulnerability Database".
311 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30188 โ€ผ

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.

๐Ÿ“– Read

via "National Vulnerability Database".
316 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37847 โ€ผ

novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
315 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-37070 โ€ผ

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)

๐Ÿ“– Read

via "National Vulnerability Database".
333 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  Crimeware server used by NetWalker ransomware seized and shut down โš 

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
344 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ“ข Stealthy Kerberoasting attacks surge and lend support to latest ransomware trend ๐Ÿ“ข

Kerberoasting techniques could be emerging as a viable alternative to traditional ransomware attacks, experts have warned

๐Ÿ“– Read

via "ITPro".
ITPro
Stealthy Kerberoasting attacks surge and lend support to latest ransomware trend
Kerberoasting techniques could be emerging as a viable alternative to traditional ransomware attacks, experts have warned
324 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models ๐Ÿ•ด

Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models
Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.
294 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30749 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin <=ร‚ 7.3.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
248 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30483 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <=ร‚ 3.3.9.2 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
240 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-29097 โ€ผ

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <=ร‚ 3.1.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
233 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30475 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin รขโ‚ฌโ€œ Coupon Affiliates plugin <=ร‚ 5.4.5 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
212 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-31041 โ€ผ

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.

๐Ÿ“– Read

via "National Vulnerability Database".
208 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30754 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly รขโ‚ฌโ€œ Ad Manager, AdSense Ads & Ads.Txt plugin <=ร‚ 1.8.5 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
204 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30751 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin <=ร‚ 1.0.2 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
220 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30752 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin <=ร‚ 2.0.1 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
249 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30477 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <=ร‚ 1.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
269 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-28535 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin <=ร‚ 2.2.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
267 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-30489 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <=ร‚ 1.2.16 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
288 views