🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-39928 ‼

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

📖 Read

via "National Vulnerability Database".
235 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-23371 ‼

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.2.0.0823 and later

📖 Read

via "National Vulnerability Database".
262 views
🛡 Cybersecurity & Privacy 🛡 - News
🦿 IPVanish VPN Review (2023): Features, Pricing, and Security 🦿

Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.

📖 Read

via "Tech Republic".
TechRepublic
IPVanish VPN Review: Is it Really as Secure as Claimed?
Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.
275 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Predictive Analysis Can Reduce Risks Associated With Data Breaches 🕴



📖 Read

via "Dark Reading".
Dark Reading
Predictive Analysis Can Reduce Risks Associated With Data Breaches
PRESS RELEASE
221 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 SecTor 2023: Full Schedule Programming for Toronto Event 🕴



📖 Read

via "Dark Reading".
Dark Reading
SecTor 2023: Full Schedule Programming for Toronto Event
PRESS RELEASE
204 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates 🕴



📖 Read

via "Dark Reading".
Dark Reading
Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates
PRESS RELEASE
168 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund 🕴



📖 Read

via "Dark Reading".
Dark Reading
RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund
PRESS RELEASE
204 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21266 ‼

In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
216 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5366 ‼

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

📖 Read

via "National Vulnerability Database".
201 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21291 ‼

In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
180 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5214 ‼

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21244 ‼

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
237 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-45282 ‼

In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.

📖 Read

via "National Vulnerability Database".
244 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21253 ‼

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
233 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-45303 ‼

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).

📖 Read

via "National Vulnerability Database".
190 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-44384 ‼

Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.

📖 Read

via "National Vulnerability Database".
270 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-21252 ‼

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

📖 Read

via "National Vulnerability Database".
384 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-45239 ‼

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.

📖 Read

via "National Vulnerability Database".
370 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive 🕴



📖 Read

via "Dark Reading".
Dark Reading
WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive
PRESS RELEASE
309 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Too Rich To Ransomware? MGM Brushes Off $100M in Losses 🕴

MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.

📖 Read

via "Dark Reading".
Dark Reading
Too Rich to Ransomware? MGM Brushes Off $100M in Losses
MGM wins big bet that choosing days of operations outages is a better business decision than paying a ransom, following last month's data breach.
374 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2023-5452 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.

📖 Read

via "National Vulnerability Database".
378 views