🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-4042 ‼

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32119 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.

📖 Read

via "National Vulnerability Database".
🕴 Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts 🕴

The offending ads and pages leveraged interest in AI to spread a malicious credential-stealing browser extension.

📖 Read

via "Dark Reading".
‼ CVE-2023-32497 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41125 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32496 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32236 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41124 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32300 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41123 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32498 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41126 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28994 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32505 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41122 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32499 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32509 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.

📖 Read

via "National Vulnerability Database".
โค2
🕴 Name That Toon: Swift as an Arrow 🕴

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

📖 Read

via "Dark Reading".
⚠ Using WinRAR? Be sure to patch against these code execution bugs… ⚠

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

📖 Read

via "Naked Security".
๐Ÿ‘1
‼ CVE-2023-38831 ‼

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-40273 ‼

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).

With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.

Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.

📖 Read

via "National Vulnerability Database".