🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Hacking the PLC via Its Engineering Software 🕴

Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.

📖 Read

via "Dark Reading".
🕴 Reddit Attack Defaces Dozens of Channels 🕴

The attack has defaced the channels with images and content supporting Donald Trump.

📖 Read

via "Dark Reading".
ATTENTION‼ New - CVE-2020-13376

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.

📖 Read

via "National Vulnerability Database".
❌ Qualcomm Bugs Open 40 Percent of Android Handsets to Attack ❌

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.

📖 Read

via "Threatpost".
ATTENTION‼ New - CVE-2019-7005

A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.2.

📖 Read

via "National Vulnerability Database".
🕴 Digital Clones Could Cause Problems for Identity Systems 🕴

Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.

📖 Read

via "Dark Reading".
ATTENTION‼ New - CVE-2019-19704

In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-12781

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can execute specific commands via malicious site request forgery.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-12780

A security misconfiguration exists in Combodo iTop, which can expose sensitive information.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-12779

Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading a file with a malicious script.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-12778

Combodo iTop does not validate inputted parameters; attackers can inject malicious commands and launch an XSS attack.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-12777

A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information.

📖 Read

via "National Vulnerability Database".
⚠ Monday review – catch up with the latest articles ⚠

The latest articles and the latest Naked Security Live video - all in one place. Enjoy.

📖 Read

via "Naked Security".
🕴 COVID-19: Latest Security News & Commentary 🕴

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

📖 Read

via "Dark Reading".
❌ TeamViewer Flaw in Windows App Allows Password-Cracking ❌

Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims' passwords.

📖 Read

via "Threatpost".
ATTENTION‼ New - CVE-2020-13295

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-13293

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-13292

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.

📖 Read

via "National Vulnerability Database".
❌ DDoS Attacks Cresting Amid Pandemic ❌

Attacks were way up year-over-year in the second quarter as people continue to work from home.

📖 Read

via "Threatpost".