πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 How to securely donate old Windows 10 PCs 🦿

Many are looking to donate their spare computing devices to people who need them but can't afford to get them on their own. There is a safe and data-secure way to make your donation.

πŸ“– Read

via "Tech Republic".
TechRepublic
How to securely donate old Windows 10 PCs
Many are looking to donate their spare computing devices to people who need them but can't afford to get them on their own. There is a safe and data-secure way to make your donation.
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” CPRA Set to Revamp Privacy Laws in California Yet Again πŸ”

Voters in California passed new data privacy legislation, the California Privacy Rights Act - building off the California Consumer Privacy Act - last week.

πŸ“– Read

via "Digital Guardian".
Digital Guardian
CPRA Set to Revamp Privacy Laws in California Yet Again
Voters in California passed new data privacy legislation, the California Privacy Rights Act - building off the California Consumer Privacy Act - last week.
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-27977 β€Ό

CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-26542 β€Ό

An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server. When used to authenticate against Microsoft Active Directory, it suffers from an authentication validation issue whereby a blank password can be used to authenticate with the service successfully.

πŸ“– Read

via "National Vulnerability Database".
144 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ FTC Announces Consent Agreement With Zoom πŸ•΄

The agreement covers Zoom's misleading statements on security for its audio and video calling.

πŸ“– Read

via "Dark Reading".
Dark Reading
FTC Announces Consent Agreement With Zoom
The agreement covers Zoom's misleading statements on security for its audio and video calling.
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Top 5 things to do with old gadgets 🦿

If you're wondering what to do with devices you don't use anymore, Tom Merritt offers five suggestions for how to deal with them.

πŸ“– Read

via "Tech Republic".
TechRepublic
Top 5 things to do with old gadgets
If you're wondering what to do with devices you don't use anymore, Tom Merritt offers five suggestions for how to deal with them.
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries πŸ•΄

Ghimob is a full-fledged spy in your pocket, Kaspersky says.

πŸ“– Read

via "Dark Reading".
Dark Reading
New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries
Ghimob is a full-fledged spy in your pocket, Kaspersky says.
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-14188 β€Ό

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

πŸ“– Read

via "National Vulnerability Database".
124 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28364 β€Ό

A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4651 β€Ό

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.

πŸ“– Read

via "National Vulnerability Database".
118 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28371 β€Ό

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

πŸ“– Read

via "National Vulnerability Database".
118 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28373 β€Ό

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.

πŸ“– Read

via "National Vulnerability Database".
135 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4759 β€Ό

IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-26168 β€Ό

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-14189 β€Ό

The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.

πŸ“– Read

via "National Vulnerability Database".
212 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4650 β€Ό

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.

πŸ“– Read

via "National Vulnerability Database".
221 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Microsoft Teams Users Under Attack in β€˜FakeUpdates’ Malware Campaign ❌

Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.

πŸ“– Read

via "Threat Post".
Threat Post
Microsoft Teams Users Under Attack in β€˜FakeUpdates’ Malware Campaign
Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ How Hackers Blend Attack Methods to Bypass MFA πŸ•΄

Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.

πŸ“– Read

via "Dark Reading".
Dark Reading
How Hackers Blend Attack Methods to Bypass MFA
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-0447 β€Ό

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-0451 β€Ό

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-0441 β€Ό

In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295

πŸ“– Read

via "National Vulnerability Database".
126 views