πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28368 β€Ό

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

πŸ“– Read

via "National Vulnerability Database".
95 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-7357 β€Ό

Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.

πŸ“– Read

via "National Vulnerability Database".
95 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23968 β€Ό

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.

πŸ“– Read

via "National Vulnerability Database".
99 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-27165 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28050. Reason: This candidate is a reservation duplicate of CVE-2020-28050. Notes: All CVE users should reference CVE-2020-28050 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“– Read

via "National Vulnerability Database".
102 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Microsoft Patch Tuesday Update Fixes 17 Critical Bugs ❌

Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.

πŸ“– Read

via "Threat Post".
Threat Post
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft Patches Windows Kernel Flaw Under Active Attack πŸ•΄

This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.

πŸ“– Read

via "Dark Reading".
Darkreading
Microsoft Patches Windows Kernel Flaw Under Active Attack
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Claroty Details Vulnerabilities in Schneider PLCs πŸ•΄

The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.

πŸ“– Read

via "Dark Reading".
Dark Reading
Claroty Details Vulnerabilities in Schneider PLCs
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
113 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25268 β€Ό

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.

πŸ“– Read

via "National Vulnerability Database".
100 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25267 β€Ό

An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.

πŸ“– Read

via "National Vulnerability Database".
99 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28408 β€Ό

The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.

πŸ“– Read

via "National Vulnerability Database".
103 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28409 β€Ό

The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24367 β€Ό

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.

πŸ“– Read

via "National Vulnerability Database".
115 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24063 β€Ό

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Malware Hidden in Encrypted Traffic Surges Amid Pandemic πŸ•΄

Zscaler says attacks involving the use of SSL/TLS encryption jumped 260% in the first nine months of 2020 compared to the same period last year.

πŸ“– Read

via "Dark Reading".
Dark Reading
Malware Hidden in Encrypted Traffic Surges Amid Pandemic
Zscaler says attacks involving the use of SSL/TLS encryption jumped 260% in the first nine months of 2020 compared to the same period last year.
155 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Flaws in Privileged Management Apps Expose Machines to Attack πŸ•΄

The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.

πŸ“– Read

via "Dark Reading".
Dark Reading
Flaws in Privileged Management Apps Expose Machines to Attack
The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16126 β€Ό

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

πŸ“– Read

via "National Vulnerability Database".
170 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16127 β€Ό

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17053 β€Ό

, aka 'Internet Explorer Memory Corruption Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17019 β€Ό

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17064, CVE-2020-17065, CVE-2020-17066.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17055 β€Ό

, aka 'Windows Remote Access Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17071 β€Ό

, aka 'Windows Delivery Optimization Information Disclosure Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
99 views