🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
ATTENTION‼ New - CVE-2020-10514

iCatch DVR does not validate function parameters properly, which allows attackers to execute arbitrary commands.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-10513

The file management interface of iCatch DVR contains broken access control, which allows an attacker to remotely manipulate arbitrary files.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-10512

HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-10511

HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-10507

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a misconfigured file upload filter vulnerability. Attackers can upload any format of file to the system.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-10506

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a Path Traversal vulnerability, allowing attackers to access arbitrary files.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-10505

The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a SQL Injection vulnerability, allowing attackers to inject SQL commands into the URL.

via "National Vulnerability Database".
Scammers exploit coronavirus for Business Email Compromise campaigns

Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave.

via "Security on TechRepublic".
🕴 Cybersecurity Prep for the 2020s 🕴

The more things change, the more they stay the same. Much of the world is still behind on the basics.

via "Dark Reading".
❌ PPE, COVID-19 Medical Supplies Targeted by BEC Scams ❌

FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.

πŸ“– Read

via "Threatpost".
❌ Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module ❌

Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.

πŸ“– Read

via "Threatpost".
⚠ Zoom passwords for sale on the Dark Web – β€œten-a-penny” by all accounts ⚠

If you reuse an old password when you're rushing to create a new account for the lockdown era, you're as good as "pre-hacking" yourself.

πŸ“– Read

via "Naked Security".
❌ Tencent Ups Top Bug-Bounty Award to $15K ❌

The Chinese ISP has expanded its program via HackerOne.

πŸ“– Read

via "Threatpost".
ATTENTION‼ New - CVE-2020-0906

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0900

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0899

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0895

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0889

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0888

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0835

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0821

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.

via "National Vulnerability Database".