πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39843 β€Ό

Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38866 β€Ό

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.

πŸ“– Read

via "National Vulnerability Database".
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39841 β€Ό

Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

πŸ“– Read

via "National Vulnerability Database".
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39842 β€Ό

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

πŸ“– Read

via "National Vulnerability Database".
257 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38864 β€Ό

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.

πŸ“– Read

via "National Vulnerability Database".
277 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39852 β€Ό

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.

πŸ“– Read

via "National Vulnerability Database".
296 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39851 β€Ό

webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.

πŸ“– Read

via "National Vulnerability Database".
295 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39849 β€Ό

Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.

πŸ“– Read

via "National Vulnerability Database".
343 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-20560 β€Ό

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD RyzenΓ’β€žΒ’ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.

πŸ“– Read

via "National Vulnerability Database".
465 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39850 β€Ό

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.

πŸ“– Read

via "National Vulnerability Database".
460 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-20564 β€Ό

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD RyzenΓ’β€žΒ’ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

πŸ“– Read

via "National Vulnerability Database".
512 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Get Norton 360 Standard on 2 Devices Plus Identity Theft Protection for $24.99 🦿

This exclusive bundle includes online dark web monitoring and identity theft support, so don't miss out on this discounted year-long subscription.

πŸ“– Read

via "Tech Republic".
TechRepublic
Get Norton 360 Standard on 2 Devices Plus Identity Theft Protection for $24.99
This exclusive bundle includes online dark web monitoring and identity theft support. Don't miss this discounted year-long subscription.
463 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ How MSSPs can leverage dark web intelligence to counter emerging threats πŸ“’

Dark web intelligence can be a vital tool for MSSPs to bolster security and counter emerging threats

πŸ“– Read

via "ITPro".
ITPro
How MSSPs can leverage dark web intelligence to counter emerging threats
Dark web intelligence can be a vital tool for MSSPs to bolster security and counter emerging threats
❀1
385 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26140 β€Ό

Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.

πŸ“– Read

via "National Vulnerability Database".
302 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39507 β€Ό

Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4374 β€Ό

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.

πŸ“– Read

via "National Vulnerability Database".
❀1
280 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3958 β€Ό

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.

πŸ“– Read

via "National Vulnerability Database".
❀1
303 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Business email compromise attack costs far exceeding ransomware losses πŸ“’

The increasingly popular phishing attack method is enabling threat actors to reap serious financial rewards

πŸ“– Read

via "ITPro".
ITPro
Business email compromise attack costs far exceeding ransomware losses
The increasingly popular phishing attack method is enabling threat actors to reap serious financial rewards
316 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30473 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <=Γ‚ 3.10.7 versions.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30784 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <=Γ‚ 1.5.2 versions.

πŸ“– Read

via "National Vulnerability Database".
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30782 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <=Γ‚ 3.7.5 versions.

πŸ“– Read

via "National Vulnerability Database".
254 views