πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.1K subscribers
88.5K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.1K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48460 β€Ό

In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42642 β€Ό

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1719 β€Ό

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42645 β€Ό

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-1713 β€Ό

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.

πŸ“– Read

via "National Vulnerability Database".
193 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42639 β€Ό

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
194 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42641 β€Ό

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48461 β€Ό

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42655 β€Ό

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
189 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48456 β€Ό

In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
200 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48457 β€Ό

In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42648 β€Ό

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42632 β€Ό

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-48455 β€Ό

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42637 β€Ό

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42651 β€Ό

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42631 β€Ό

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-42646 β€Ό

In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

πŸ“– Read

via "National Vulnerability Database".
194 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Unsolved Cyber Mysteries: Signal Hacking πŸ•΄

Episode 1 of Bugcrowd’’s docuseries, Unsolved Cyber Mysteries, describes signal hacking attacks in the 1980s and the potential motivations behind them.

πŸ“– Read

via "Dark Reading".
Dark Reading
Unsolved Cyber Mysteries: Signal Hacking
Episode 1 of Bugcrowd's "Unsolved Cyber Mysteries" docuseries describes signal-hacking attacks in the 1980s and the potential motivations behind them.
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Australian CEOs Struggling to Face Cyber Risk Realities 🦿

Research has found 91% of CEOs view IT security as a technical function that's the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.

πŸ“– Read

via "Tech Republic".
TechRepublic
Australian CEOs Struggling to Face Cyber Risk Realities
91% of CEOs view IT security as the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.
317 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ It's Cheap to Exploit Software β€” and That's a Major Security Problem πŸ•΄

The solution? Follow in the footsteps of companies that have raised the cost of exploitation.

πŸ“– Read

via "Dark Reading".
Dark Reading
It's Cheap to Exploit Software β€” and That's a Major Security Problem
The solution? Follow in the footsteps of companies that have raised the cost of exploitation.
377 views