🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-4358 ‼

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2023-4359 ‼

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2023-4368 ‼

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2023-4362 ‼

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2023-4361 ‼

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2023-4367 ‼

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
‼ CVE-2023-4360 ‼

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

via "National Vulnerability Database".
🕴 Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service 🕴

Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure Sectors, say Synopsys researchers.

via "Dark Reading".
🕴 3 Major Email Security Standards Falling Down on the Job 🕴

Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC, since threat actors are apparently using the same filters as legitimate users.

via "Dark Reading".
‼ CVE-2023-39848 ‼

DVWA v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at blind\source\high.php.

via "National Vulnerability Database".
‼ CVE-2023-39843 ‼

Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

via "National Vulnerability Database".
‼ CVE-2023-38866 ‼

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.

via "National Vulnerability Database".
‼ CVE-2023-39841 ‼

Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

via "National Vulnerability Database".
‼ CVE-2023-39842 ‼

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

via "National Vulnerability Database".
‼ CVE-2023-38864 ‼

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.

via "National Vulnerability Database".
‼ CVE-2023-39852 ‼

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.

via "National Vulnerability Database".
‼ CVE-2023-39851 ‼

webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.

via "National Vulnerability Database".
‼ CVE-2023-39849 ‼

Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.

via "National Vulnerability Database".
‼ CVE-2023-20560 ‼

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.

via "National Vulnerability Database".