πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25557 β€Ό

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.

πŸ“– Read

via "National Vulnerability Database".
86 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-21667 β€Ό

In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection.

πŸ“– Read

via "National Vulnerability Database".
87 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-6147 β€Ό

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.

πŸ“– Read

via "National Vulnerability Database".
85 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-6019 β€Ό

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.

πŸ“– Read

via "National Vulnerability Database".
81 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-6149 β€Ό

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.

πŸ“– Read

via "National Vulnerability Database".
84 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-6155 β€Ό

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

πŸ“– Read

via "National Vulnerability Database".
81 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-8582 β€Ό

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.

πŸ“– Read

via "National Vulnerability Database".
85 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-6150 β€Ό

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow.

πŸ“– Read

via "National Vulnerability Database".
88 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-26825 β€Ό

SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.

πŸ“– Read

via "National Vulnerability Database".
93 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-9127 β€Ό

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-9129 β€Ό

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 STEM and cybersecurity training are critical for the future 🦿

Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.

πŸ“– Read

via "Tech Republic".
TechRepublic
STEM and cybersecurity training are critical for the future
Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.
109 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Adults and children should learn cybersecurity and safety practices 🦿

STEM education that includes cybersecurity can help the US prepare for the future.

πŸ“– Read

via "Tech Republic".
TechRepublic
Adults and children should learn cybersecurity and safety practices
STEM education that includes cybersecurity can help the US prepare for the future.
108 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 6 training trends to watch that "will define the workplace in 2021" 🦿

With the shift to remote work amid the coronavirus pandemic, online learning related to mindfulness, cybersecurity, and hybrid tech capabilities surged, Udemy found.

πŸ“– Read

via "Tech Republic".
TechRepublic
6 training trends to watch that "will define the workplace in 2021"
With the shift to remote work amid the coronavirus pandemic, online learning related to mindfulness, cybersecurity, and hybrid tech capabilities surged, Udemy found.
119 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Self-Service Security for Developers Is the DevSecOps Brass Ring πŸ•΄

DevOps teams with full security integration and self-service capabilities are 80% more likely to fix critical vulnerabilities in under a day, according to the ninth annual "State of DevOps Report."

πŸ“– Read

via "Dark Reading".
124 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ 2020 Reader Survey: Share Your Feedback to Help Us Improve ❌



πŸ“– Read

via "Threat Post".
Threat Post
2020 Reader Survey: Share Your Feedback to Help Us Improve
Please take the Threatpost Today Newsletter Survey and share your feedback to help us deliver the most relevant content to you daily.
119 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Botnet Attackers Turn to Vulnerable IoT Devices ❌

Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.

πŸ“– Read

via "Threat Post".
Threat Post
Botnet Attackers Turn to Vulnerable IoT Devices
Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Nation-State Attackers Actively Target COVID-19 Vaccine-Makers ❌

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.

πŸ“– Read

via "Threat Post".
Threat Post
Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam ❌

'Order This, Get This': Social-media influencers are in Amazon’s legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead.

πŸ“– Read

via "Threat Post".
Threat Post
Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam
'Order This, Get This': Social-media influencers are in Amazon’s legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead.
155 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-26223 β€Ό

Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token. This is patched in versions 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree < 3.7 are not affected.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ CISA Director Expects to Be Fired Following Secure Election πŸ•΄

Top US cybersecurity leader Chris Krebs, who has been vocal about the security of this year's election, expects he'll be removed from his role.

πŸ“– Read

via "Dark Reading".
Dark Reading
CISA Director Expects to Be Fired Following Secure Election
Top US cybersecurity leader Chris Krebs, who has been vocal about the security of this year's election, expects he'll be removed from his role.
158 views