🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-32496 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32236 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41124 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32300 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41123 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32498 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41126 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28994 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32505 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-41122 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32499 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32509 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.

📖 Read

via "National Vulnerability Database".
โค2
🕴 Name That Toon: Swift as an Arrow 🕴

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

📖 Read

via "Dark Reading".
⚠ Using WinRAR? Be sure to patch against these code execution bugs… ⚠

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

📖 Read

via "Naked Security".
๐Ÿ‘1
‼ CVE-2023-38831 ‼

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-40273 ‼

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-39441 ‼

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-39583 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-38831. Reason: This candidate is a reservation duplicate of CVE-2023-38831. Notes: All CVE users should reference CVE-2023-38831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1409 ‼

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing a client to establish a TLS connection with the server that supplies any certificate. This issue affects all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-37379 ‼

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.

📖 Read

via "National Vulnerability Database".
🕴 FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group 🕴

The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.

📖 Read

via "Dark Reading".