πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39150 β€Ό

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40611 β€Ό

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allowsΓ‚ authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.Users should upgrade to version 2.7.1 or later which has removed the vulnerability.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27169 β€Ό

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39637 β€Ό

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.

πŸ“– Read

via "National Vulnerability Database".
274 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41013 β€Ό

Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.

πŸ“– Read

via "National Vulnerability Database".
311 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Dreamforce 2023: Salesforce Expands Einstein AI and Data Cloud Platform 🦿

The Einstein 1 platform links Salesforce CRM data and generative AI. Plus, Trust Layer allows organizations to have control over their own data.

πŸ“– Read

via "Tech Republic".
TechRepublic
Dreamforce 2023: Salesforce Expands Einstein AI and Data Cloud Platform
The Einstein 1 platform links Salesforce CRM data and generative AI. Plus, Trust Layer allows organizations control over their own data.
πŸ‘1
328 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4863 β€Ό

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

πŸ“– Read

via "National Vulnerability Database".
319 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4914 β€Ό

Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.

πŸ“– Read

via "National Vulnerability Database".
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40784 β€Ό

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.

πŸ“– Read

via "National Vulnerability Database".
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4913 β€Ό

Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.

πŸ“– Read

via "National Vulnerability Database".
229 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2071 β€Ό

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies userÒ€ℒs input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. Γ‚ The device has the functionality, through a CIP class, to execute exported functions from libraries. Γ‚ There is a routine that restricts it to execute specific functions from two dynamic link library files. Γ‚ By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.

πŸ“– Read

via "National Vulnerability Database".
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40218 β€Ό

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.

πŸ“– Read

via "National Vulnerability Database".
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40834 β€Ό

OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.

πŸ“– Read

via "National Vulnerability Database".
246 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Check Point: Hackers Dropping Physical USB Drives at Watering Holes 🦿

Check Point's Global CISO discusses the firm's 2023 threat intelligence, including new AI malice and threat actors spreading malware by dropping flash drives.

πŸ“– Read

via "Tech Republic".
TechRepublic
Check Point: Hackers Are Dropping USB Drives at Watering Holes
Check Point's CISO discusses 2023 threat intelligence, including AI malice and threat actors spreading malware by dropping flash drives.
277 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Millions of Facebook Business Accounts Bitten by Python Malware πŸ•΄

The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.

πŸ“– Read

via "Dark Reading".
Dark Reading
Millions of Facebook Business Accounts Bitten by Python Malware
The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.
353 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities πŸ•΄

By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.

πŸ“– Read

via "Dark Reading".
Dark Reading
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities
By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36739 β€Ό

3D Viewer Remote Code Execution Vulnerability

πŸ“– Read

via "National Vulnerability Database".
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36763 β€Ό

Microsoft Outlook Information Disclosure Vulnerability

πŸ“– Read

via "National Vulnerability Database".
277 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36764 β€Ό

Microsoft SharePoint Server Elevation of Privilege Vulnerability

πŸ“– Read

via "National Vulnerability Database".
228 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38141 β€Ό

Windows Kernel Elevation of Privilege Vulnerability

πŸ“– Read

via "National Vulnerability Database".
210 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36757 β€Ό

Microsoft Exchange Server Spoofing Vulnerability

πŸ“– Read

via "National Vulnerability Database".
223 views