🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-30188 ‼

Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via a crafted JavaScript file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-37847 ‼

novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-37070 ‼

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS).

📖 Read

via "National Vulnerability Database".
⚠ Crimeware server used by NetWalker ransomware seized and shut down ⚠

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

📖 Read

via "Naked Security".
📒 Stealthy Kerberoasting attacks surge and lend support to latest ransomware trend 📒

Kerberoasting, in which an attacker holding any domain account requests Kerberos service tickets for SPN-bearing accounts and cracks the ticket hashes offline, could be emerging as a viable alternative to traditional ransomware attacks, experts have warned.

📖 Read

via "ITPro".
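Kerberoasting leaves a recognisable trace on domain controllers: Security event ID 4769 (a Kerberos service ticket was requested) with TicketEncryptionType 0x17 (RC4-HMAC), usually as a burst of requests for many distinct service accounts from one user. The following detection rule is an added example, not code from the ITPro article or from any vendor. It runs a sliding-window check over a constructed CSV export of 4769 events; the column names are the real 4769 fields, while the rows, the 5-minute window and the three-service threshold are assumptions to be tuned per environment.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export of Windows Security event 4769. Field names follow
# the real event; every row is made up for this example.
SAMPLE_4769 = """\
EventID,TimeCreated,TargetUserName,ServiceName,TicketEncryptionType
4769,2023-08-10T09:00:01,alice@CORP.LOCAL,krbtgt,0x12
4769,2023-08-10T09:00:03,alice@CORP.LOCAL,WS01$,0x12
4769,2023-08-10T09:10:00,carol@CORP.LOCAL,legacy-app,0x17
4769,2023-08-10T09:12:00,bob@CORP.LOCAL,svc_sql,0x17
4769,2023-08-10T09:12:00,bob@CORP.LOCAL,svc_web,0x17
4769,2023-08-10T09:12:01,bob@CORP.LOCAL,svc_backup,0x17
4769,2023-08-10T09:12:01,bob@CORP.LOCAL,svc_sql,0x17
4769,2023-08-10T09:12:02,bob@CORP.LOCAL,svc_exchange,0x17
4769,2023-08-10T09:00:00,dave@CORP.LOCAL,svc_a,0x17
4769,2023-08-10T09:30:00,dave@CORP.LOCAL,svc_b,0x17
4769,2023-08-10T10:00:00,dave@CORP.LOCAL,svc_c,0x17
"""

# 0x17 = RC4-HMAC, 0x18 = RC4-HMAC-EXP: the etypes attackers ask for because the
# resulting ticket is far cheaper to crack offline than an AES one.
RC4_ETYPES = {"0x17", "0x18"}


def parse_4769(text):
    """Parse a CSV export and keep only 4769 records as dicts."""
    events = []
    for row in csv.DictReader(StringIO(text)):
        if row["EventID"] != "4769":
            continue
        events.append({
            "time": datetime.fromisoformat(row["TimeCreated"]),
            "user": row["TargetUserName"],
            "service": row["ServiceName"],
            "etype": row["TicketEncryptionType"].lower(),
        })
    return events


def is_roastable(event):
    """RC4 ticket for a real service account: not krbtgt, not a machine account."""
    svc = event["service"]
    return (event["etype"] in RC4_ETYPES
            and svc.lower() != "krbtgt"
            and not svc.endswith("$"))


def detect_kerberoasting(events, window_minutes=5, min_services=3):
    """Alert once per user who requests RC4 tickets for at least min_services
    distinct services inside any window_minutes-long interval (assumed thresholds)."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if is_roastable(ev):
            by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            services = {e["service"] for e in evs[start:end + 1]}
            if len(services) >= min_services:
                alerts.append({
                    "user": user,
                    "first_seen": evs[start]["time"].isoformat(),
                    "services": sorted(services),
                })
                break  # one alert per user is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_kerberoasting(parse_4769(SAMPLE_4769)):
        print(alert)
```

On the sample, only bob trips the rule: alice uses AES and only touches krbtgt and a machine account, carol's single RC4 request to a legacy service stays under the threshold, and dave's three requests are spread over an hour, so the window never holds three at once. Two caveats a practitioner should keep in mind: the RC4 filter misses an attacker who accepts AES tickets (slower to crack, still possible), and estates with genuine RC4-only services need an allowlist or a higher threshold. A honeytoken account with an SPN that nothing legitimately requests gives a much higher-fidelity signal than volume thresholds; on the prevention side, long random passwords or gMSAs for service accounts and disabling RC4 take most of the value out of the attack.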
🕴 Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models 🕴

Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.

📖 Read

via "Dark Reading".
‼ CVE-2023-30749 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihomefinder Optima Express + MarketBoost IDX Plugin plugin, versions <= 7.3.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30483 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin, versions <= 3.3.9.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29097 ‼

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin, versions <= 3.1.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30475 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin, versions <= 5.4.5.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31041 ‼

An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information can optionally be stored in cleartext, which may lead to information disclosure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30754 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt plugin, versions <= 1.8.5.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30751 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iControlWP Article Directory Redux plugin, versions <= 1.0.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30752 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silvia Pfeiffer and Andrew Nimmo External Videos plugin, versions <= 2.0.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30477 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin, versions <= 1.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28535 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Paytm Payment Donation plugin, versions <= 2.2.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30489 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin, versions <= 1.2.16.

📖 Read

via "National Vulnerability Database".
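The XSS entries above split into two severity classes: "Unauth. Reflected" bugs fire for any visitor who follows a crafted link, while "Auth. (admin+)" or "(author+)" stored bugs need a logged-in account of that role first (on a single-site WordPress install an administrator can usually post script anyway via unfiltered_html, which is why admin+ stored XSS is rated low unless that capability is disabled). The root cause is the same in every case: a request parameter written into the page without an encoder for the context it lands in. The snippet below is an added illustration, not code from any of the plugins listed; it is written in Python for brevity (the plugins are PHP, where esc_html() and esc_attr() play the same roles for the text and attribute contexts), and the search-term payloads are constructed.

```python
import html
import json

# Constructed attacker inputs: a search term that the page reflects back.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'
JS_PAYLOAD = "</script><script>alert(1)</script>"


def render_vulnerable(query):
    """Reflects the raw query into three HTML contexts: text, attribute, script."""
    return (
        f"<p>Results for: {query}</p>\n"
        f'<input type="text" name="q" value="{query}">\n'
        f"<script>var lastQuery = '{query}';</script>"
    )


def js_string_literal(value):
    """Encode a string as a JS literal that is safe inside a <script> block:
    json.dumps handles quotes and backslashes, then <, > and & (plus the two
    JS line terminators) are written as JSON unicode escapes so the HTML
    parser never sees a closing script tag inside the literal."""
    out = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        out = out.replace(ch, esc)
    return out


def render_hardened(query):
    """Same page, with an encoder chosen per output context."""
    text = html.escape(query, quote=True)   # HTML text and quoted attribute values
    return (
        f"<p>Results for: {text}</p>\n"
        f'<input type="text" name="q" value="{text}">\n'
        f"<script>var lastQuery = {js_string_literal(query)};</script>"
    )


def script_tag_count(page):
    """Number of '<script' openings; the template itself contributes exactly one."""
    return page.lower().count("<script")


if __name__ == "__main__":
    for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD, JS_PAYLOAD):
        print(script_tag_count(render_vulnerable(payload)),
              script_tag_count(render_hardened(payload)))
```

The point of the three contexts is that one encoder does not fit all: html.escape() is correct for the paragraph and the quoted attribute, but inside the script block it would leave a closing script tag or a stray quote intact, which is why the JS context gets its own encoder. A Content-Security-Policy that forbids inline script is worth adding as defence in depth, but it is not a substitute for output encoding.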
🕴 Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department 🕴

State's Department of Health Care Policy & Financing is the latest to acknowledge an attack by the Russian group's ongoing exploitation of third-party systems.

📖 Read

via "Dark Reading".
🛠 jSQL Injection 0.91 🛠

jSQL Injection is a lightweight application used to find database information from a remote server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

📖 Read

via "Packet Storm Security".
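Two items in this feed concern the same bug class: the novel-plus SQL injection (CVE-2023-37847) and the jSQL Injection release, a tool that automates exactly the kind of payloads an injectable query accepts. The following is an added example, not code from novel-plus or from jSQL Injection. It builds a constructed in-memory SQLite catalogue with a hidden row and a separate user table, then runs a tautology payload and a UNION payload through a string-spliced query and through the parameterised fix; the table layout, rows and hash value are all made up.

```python
import sqlite3

# Constructed catalogue: a reader-facing search must never return hidden = 1 rows,
# and the user table must never be reachable from it at all.
BOOKS = [
    (1, "Public Novel", 0),
    (2, "Draft Chapter", 1),
    (3, "Another Public Novel", 0),
]
USERS = [("admin", "constructed-hash-value")]  # placeholder, not a real hash

# Classic payloads of the kind a tool such as jSQL Injection automates.
TAUTOLOGY = "' OR 1=1 --"
UNION_DUMP = "' UNION SELECT username, password_hash FROM user --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE book (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.execute("CREATE TABLE user (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO book VALUES (?, ?, ?)", BOOKS)
    conn.executemany("INSERT INTO user VALUES (?, ?)", USERS)
    return conn


def search_vulnerable(conn, keyword):
    """Vulnerable: the keyword is spliced into the SQL text, so a quote in the
    input ends the string literal and everything after it is parsed as SQL."""
    sql = f"SELECT id, title FROM book WHERE hidden = 0 AND title LIKE '%{keyword}%'"
    return conn.execute(sql).fetchall()


def search_fixed(conn, keyword):
    """Fixed: the keyword travels as a bound parameter and is only ever data."""
    sql = "SELECT id, title FROM book WHERE hidden = 0 AND title LIKE ?"
    return conn.execute(sql, (f"%{keyword}%",)).fetchall()


def demo():
    """Run both versions against a normal search and the two payloads."""
    conn = make_db()
    return {
        "normal": search_vulnerable(conn, "Novel"),
        "tautology_vuln": search_vulnerable(conn, TAUTOLOGY),
        "tautology_fixed": search_fixed(conn, TAUTOLOGY),
        "union_vuln": search_vulnerable(conn, UNION_DUMP),
        "union_fixed": search_fixed(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:16} {rows}")
```

With the spliced query the tautology payload turns the WHERE clause into `(hidden = 0 AND title LIKE '%') OR 1=1` and the trailing `--` comments out the leftover quote, so the hidden draft comes back; the UNION payload goes further and appends rows from the user table to the result. The parameterised version returns nothing for either payload because the quote never reaches the parser. Note that binding parameters does not neutralise LIKE wildcards: if `%` or `_` in user input matters to your application, escape them separately. In Java web applications a common source of this bug is MyBatis `${}` (string splice) where `#{}` (bound parameter) was intended.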
‼ CVE-2023-40359 ‼

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28768 ‼

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

📖 Read

via "National Vulnerability Database".