πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ What Will Cybersecurity's 'New Normal' Look Like? πŸ•΄

The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?

πŸ“– Read

via "Dark Reading: ".
Dark Reading
What Will Cybersecurity's 'New Normal' Look Like?
The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20847

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20846

An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.

πŸ“– Read

via "National Vulnerability Database".
113 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20845

An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20844

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20843

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.

πŸ“– Read

via "National Vulnerability Database".
105 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20842

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2019-20841

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.

πŸ“– Read

via "National Vulnerability Database".
105 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ News Wrap: Malicious Chrome Extensions Removed, CIA β€˜Woefully Lax’ Security Policies Bashed ❌

Insider threats, the CIA's bad security policies, and malicious Chrome extensions were the topics of discussion during this week's news wrap podcast.

πŸ“– Read

via "Threatpost".
Threat Post
News Wrap: Malicious Chrome Extensions Removed, CIA β€˜Woefully Lax’ Security Policies Bashed
Insider threats, the CIA's bad security policies, and malicious Chrome extensions were the topics of discussion during this week's news wrap podcast.
118 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Many people using email to share files despite lack of security πŸ”

Those polled by Nordlocker also use cloud services, messaging apps, and external drives to share files.

πŸ“– Read

via "Security on TechRepublic".
TechRepublic
Many people using email to share files despite lack of security
Those polled by Nordlocker also use cloud services, messaging apps, and external drives to share files.
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” CCPA: How to prepare for California's new privacy law before enforcement starts July 1 πŸ”

Companies need to look for PII across all corporate data silos and consider building an automated system to respond to requests from consumers, experts say.

πŸ“– Read

via "Security on TechRepublic".
TechRepublic
CCPA: How to prepare for California's new privacy law before enforcement starts July 1
Companies need to look for PII across all corporate data silos and consider building an automated system to respond to requests from consumers, experts say.
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21262

An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.

πŸ“– Read

via "National Vulnerability Database".
109 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21261

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21260

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21259

An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21258

An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.

πŸ“– Read

via "National Vulnerability Database".
100 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21257

An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.

πŸ“– Read

via "National Vulnerability Database".
99 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21255

An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.

πŸ“– Read

via "National Vulnerability Database".
97 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21254

An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.

πŸ“– Read

via "National Vulnerability Database".
96 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21253

An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.

πŸ“– Read

via "National Vulnerability Database".
96 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2018-21251

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.

πŸ“– Read

via "National Vulnerability Database".
94 views