πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17057 β€Ό

, aka 'Windows Win32k Elevation of Privilege Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
91 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17064 β€Ό

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066.

πŸ“– Read

via "National Vulnerability Database".
92 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17102 β€Ό

, aka 'WebP Image Extensions Information Disclosure Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
94 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17058 β€Ό

, aka 'Microsoft Browser Memory Corruption Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16994 β€Ό

, aka 'Azure Sphere Unsigned Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17000 β€Ό

, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17021 β€Ό

, aka 'Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17085 β€Ό

, aka 'Microsoft Exchange Server Denial of Service Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17046 β€Ό

, aka 'Windows Error Reporting Denial of Service Vulnerability'.

πŸ“– Read

via "National Vulnerability Database".
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ COVID-19 Data-Sharing App Leaked Healthcare Worker Info ❌

Philippines COVID-KAYA app allowed for unauthorized access typically protected by β€˜superuser’ credentials and also may have exposed patient data.

πŸ“– Read

via "Threat Post".
Threat Post
COVID-19 Data-Sharing App Leaked Healthcare Worker Info
Philippines COVID-KAYA app allowed for unauthorized access typically protected by β€˜superuser’ credentials and also may have exposed patient data.
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ High-Severity Cisco DoS Flaw Can Immobilize ASR Routers ❌

The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.

πŸ“– Read

via "Threat Post".
Threat Post
High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ How to Avoid Getting Killed by Ransomware πŸ•΄

Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.

πŸ“– Read

via "Dark Reading".
Dark Reading
How to Avoid Getting Killed by Ransomware
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4685 β€Ό

A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  nfstream 6.2.2 πŸ› 

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
nfstream 6.2.2 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-15275 β€Ό

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.

πŸ“– Read

via "National Vulnerability Database".
147 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-27523 β€Ό

Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-27524 β€Ό

On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Former Microsoft Software Engineer Sentenced to 9 Years in Prison πŸ•΄

The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ β€œInstant bank fraud” hoax is back – don’t spread fake news! ⚠

You need to spread the word to your family and friends NOT to spread the word to their family and friends

πŸ“– Read

via "Naked Security".
Naked Security
β€œInstant bank fraud” hoax is back – don’t spread fake news!
You need to spread the word to your family and friends NOT to spread the word to their family and friends
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Smishing attack tells you β€œmobile payment problem” – don’t fall for it! ⚠

Don't be fooled by a website that looks OK - it's easy for crooks to make an exact copy. (This time, they got just one letter wrong.)

πŸ“– Read

via "Naked Security".
Naked Security
Smishing attack tells you β€œmobile payment problem” – don’t fall for it!
Don’t be fooled by a website that looks OK – it’s easy for crooks to make an exact copy. (This time, they got just one letter wrong.)
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Minecraft Apps on Google Play Fleece Players Out of Big Money ❌

Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.

πŸ“– Read

via "Threat Post".
Threat Post
Minecraft Apps on Google Play Fleece Players Out of Big Money
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.
142 views