🛡 Cybersecurity & Privacy 🛡 - News

🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com

‼ CVE-2020-4700 ‼

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.

via "National Vulnerability Database".

‼ CVE-2020-4705 ‼

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.

via "National Vulnerability Database".

‼ CVE-2020-4476 ‼

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.

via "National Vulnerability Database".

‼ CVE-2020-4475 ‼

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

via "National Vulnerability Database".

‼ CVE-2020-23489 ‼

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.

via "National Vulnerability Database".

‼ CVE-2020-27991 ‼

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

via "National Vulnerability Database".

‼ CVE-2020-28723 ‼

Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.

via "National Vulnerability Database".

‼ CVE-2020-27989 ‼

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

via "National Vulnerability Database".

‼ CVE-2020-4692 ‼

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.

via "National Vulnerability Database".

‼ CVE-2020-28692 ‼

In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files.

via "National Vulnerability Database".

‼ CVE-2020-4566 ‼

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.

via "National Vulnerability Database".

🦿 Cybersecurity: Top hackers make big money from bug bounties 🦿

You might not make a million dollars, but hackers are making good money from reporting vulnerabilities.

via "Tech Republic".

❌ Citrix SD-WAN Bugs Allow Remote Code Execution ❌

The bugs, tracked as CVE-2020-8271, CVE-2020-8272 and CVE-2020-8273, exist in the Citrix SD-WAN Center.

via "Threat Post".

🦿 Data is worth its weight in gold 🦿

IT leaders are placing an increased, permanent focus on the value of data, digital transformation, and security, a new survey finds.

via "Tech Republic".

πŸ” Amendments to Singapore's Personal Data Protection Act Take Effect πŸ”

Singapore's recently amended Personal Data Protection Act (PDPA) increases the penalizations imposed on companies for data breaches and recognizes the rights of individuals to protect their personal data.

πŸ“– Read

via "Digital Guardian".
🕴 Twitter Taps Mudge 🕴

Noted security researcher Peiter Zatko joins the social network as head of security.

via "Dark Reading".

‼ CVE-2020-5424 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

via "National Vulnerability Database".

‼ CVE-2020-26510 ‼

Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.

via "National Vulnerability Database".

‼ CVE-2020-26508 ‼

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

via "National Vulnerability Database".

‼ CVE-2020-26509 ‼

Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.

via "National Vulnerability Database".

❌ Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack ❌

A fake Java update found on various porn sites actually downloads the well-known Zloader malware.

via "Threat Post".