πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Hackers are spoofing themselves as GitHub's Dependabot to steal user passwords πŸ“’

GitHub Dependabot was crudely spoofed in hundreds of successful attacks on open source projects

πŸ“– Read

via "ITPro".
ITPro
Hackers are spoofing themselves as GitHub's Dependabot to steal user passwords
GitHub Dependabot was crudely spoofed in hundreds of successful attacks on open source projects
508 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Will Government Secure Open Source or Muck It Up? πŸ•΄

The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security?

πŸ“– Read

via "Dark Reading".
Dark Reading
Will Government Secure Open Source or Muck It Up?
The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security?
534 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Atlas VPN Review (2023): Features, Pricing, Alternatives 🦿

Atlas VPN is a budget-friendly VPN that offers a unique IP address swapping feature perfect for privacy enthusiasts.

πŸ“– Read

via "Tech Republic".
TechRepublic
Atlas VPN Review (Updated for 2024)
Once a budget-friendly VPN solution, Atlas VPN will shut down its services on Apr 24, 2024. All Atlas VPN users will be migrated to sister company, NordVPN.
507 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40391 β€Ό

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.

πŸ“– Read

via "National Vulnerability Database".
423 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-44023 β€Ό

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

πŸ“– Read

via "National Vulnerability Database".
❀1
363 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41241 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <=Γ‚ 2.5.0 versions.

πŸ“– Read

via "National Vulnerability Database".
326 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41238 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <=Γ‚ 2.8.3 versions.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40431 β€Ό

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

πŸ“– Read

via "National Vulnerability Database".
244 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-35990 β€Ό

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40434 β€Ό

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.

πŸ“– Read

via "National Vulnerability Database".
219 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40443 β€Ό

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.

πŸ“– Read

via "National Vulnerability Database".
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41174 β€Ό

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges.

πŸ“– Read

via "National Vulnerability Database".
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40048 β€Ό

In WS_FTP ServerΓ‚ version 8.8.0 prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.

πŸ“– Read

via "National Vulnerability Database".
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40330 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <=Γ‚ 1.6.1 versions.

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-28055 β€Ό

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.

πŸ“– Read

via "National Vulnerability Database".
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-43222 β€Ό

SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.

πŸ“– Read

via "National Vulnerability Database".
240 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30959 β€Ό

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.

πŸ“– Read

via "National Vulnerability Database".
200 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40541 β€Ό

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39376 β€Ό

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network

πŸ“– Read

via "National Vulnerability Database".
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42460 β€Ό

Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.

πŸ“– Read

via "National Vulnerability Database".
205 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40432 β€Ό

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.

πŸ“– Read

via "National Vulnerability Database".
190 views