πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28991 β€Ό

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-15928 β€Ό

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28348 β€Ό

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.

πŸ“– Read

via "National Vulnerability Database".
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-15929 β€Ό

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-26890 β€Ό

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender.

πŸ“– Read

via "National Vulnerability Database".
205 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-20925 β€Ό

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.

πŸ“– Read

via "National Vulnerability Database".
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Sifter 11-R2 πŸ› 

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Sifter 11-R2 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  GNU Privacy Guard 2.2.25 πŸ› 

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.25 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  nfstream 6.2.4 πŸ› 

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
nfstream 6.2.4 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Blackrota Golang Backdoor Packs Heavy Obfuscation Punch ❌

Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.

πŸ“– Read

via "Threat Post".
Threat Post
Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.
136 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Printers' Cybersecurity Threats Too Often Ignored πŸ•΄

Remote workforce heightens the need to protect printing systems against intrusion and compromise.

πŸ“– Read

via "Dark Reading".
Dark Reading
Printers' Cybersecurity Threats Too Often Ignored
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
136 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Baidu Android apps caught leaking sensitive data from devices 🦿

Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.

πŸ“– Read

via "Tech Republic".
TechRepublic
Baidu Android apps caught leaking sensitive data from devices
Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Naked Security Live – Beat the Threat! ⚠

Here's the latest Naked Security Live video - how to beat the crooks! Watch now...

πŸ“– Read

via "Naked Security".
Naked Security
Naked Security Live – Beat the Threat!
Here’s the latest Naked Security Live video – how to beat the crooks! Watch now…
112 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4002 β€Ό

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.

πŸ“– Read

via "National Vulnerability Database".
103 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4003 β€Ό

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-29006 β€Ό

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

πŸ“– Read

via "National Vulnerability Database".
89 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25472 β€Ό

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

πŸ“– Read

via "National Vulnerability Database".
86 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-3985 β€Ό

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.

πŸ“– Read

via "National Vulnerability Database".
86 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25473 β€Ό

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.

πŸ“– Read

via "National Vulnerability Database".
80 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25474 β€Ό

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.

πŸ“– Read

via "National Vulnerability Database".
80 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4000 β€Ό

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.

πŸ“– Read

via "National Vulnerability Database".
77 views