🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-41100 ‼

An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check.

via "National Vulnerability Database".
📢 Shrinking cyber attack “dwell times” highlight growing war of attrition with threat actors 📢

While teams are becoming more proficient at detecting threats, attackers are augmenting their strategies

via "ITPro".
‼ CVE-2023-3899 ‼

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

via "National Vulnerability Database".
🕴 5 Early Warning Indicators That Are Key to Protecting National Secrets 🕴

The Defense Department must modernize user activity monitoring by prioritizing data that can be used early to proactively mitigate insider risk.

via "Dark Reading".
๐Ÿ‘1
‼ CVE-2023-4042 ‼

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

via "National Vulnerability Database".
‼ CVE-2023-32119 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.

via "National Vulnerability Database".
🕴 Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts 🕴

The offending ads and pages leveraged interest in AI to spread a malicious credential-stealing browser extension.

via "Dark Reading".
‼ CVE-2023-32497 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions.

via "National Vulnerability Database".
‼ CVE-2023-41125 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-32496 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.

via "National Vulnerability Database".
‼ CVE-2023-32236 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-41124 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-32300 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-41123 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-32498 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-41126 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-28994 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-32505 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

via "National Vulnerability Database".
‼ CVE-2023-41122 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

via "National Vulnerability Database".
‼ CVE-2023-32499 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

via "National Vulnerability Database".
‼ CVE-2023-32509 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.

via "National Vulnerability Database".
โค2