🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-36804

Windows GDI Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
144 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38155

Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
142 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38144

Windows Common Log File System Driver Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38143

Windows Common Log File System Driver Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
161 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38163

Windows Defender Attack Surface Reduction Security Feature Bypass

📖 Read

via "National Vulnerability Database".
170 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38139

Windows Kernel Elevation of Privilege Vulnerability

📖 Read

via "National Vulnerability Database".
171 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38147

Windows Miracast Wireless Display Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-41764

Microsoft Office Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".
152 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38152

DHCP Server Service Information Disclosure Vulnerability

📖 Read

via "National Vulnerability Database".
167 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38148

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
170 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-36805

Windows MSHTML Platform Security Feature Bypass Vulnerability

📖 Read

via "National Vulnerability Database".
179 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38146

Windows Themes Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
188 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-38162

DHCP Server Service Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".
197 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-36744

Microsoft Exchange Server Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 IBM Adds Data Security Broker to Encrypt Data in Multiclouds 🕴

The new IBM Cloud Security Compliance Center includes a data security broker from Baffle to offer enterprises field and file level encryption of sensitive data.

📖 Read

via "Dark Reading".
Dark Reading
IBM Adds Data Security Broker to Encrypt Data in Multiclouds
The data security broker from Baffle brings field- and file-level encryption of sensitive data to new IBM Cloud Security Compliance Center.
263 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen 🕴

Vital medical equipment was unaffected, but attackers stole and leaked lots of personal data.

📖 Read

via "Dark Reading".
Dark Reading
Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen
Vital medical equipment was unaffected, but attackers stole and leaked lots of personal data.
372 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Critical Google Chrome Zero-Day Bug Exploited in the Wild 🕴

The security vulnerability could lead to arbitrary code execution by way of application crashing.

📖 Read

via "Dark Reading".
Dark Reading
Critical Google Chrome Zero-Day Bug Exploited in the Wild
The security vulnerability could lead to arbitrary code execution by way of application crashing.
👍2
339 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-21522

A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of Blackberry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account. 

📖 Read

via "National Vulnerability Database".
292 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-21521

An SQL Injection vulnerability in the Management Console? (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.

📖 Read

via "National Vulnerability Database".
267 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-30962

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .

📖 Read

via "National Vulnerability Database".
265 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.

📖 Read

via "National Vulnerability Database".
290 views