🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Ivanti Acquires MobileIron & Pulse Secure 🕴

The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.

📖 Read

via "Dark Reading".
❌ Zoom Impersonation Attacks Aim to Steal Credentials ❌

The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.

📖 Read

via "Threat Post".
❌ Electronic Medical Records Cracked Open by OpenClinic Bugs ❌

Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more.

📖 Read

via "Threat Post".
‼ CVE-2020-7548 ‼

A CWE-330: Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to log in.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-28971 ‼

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-28970 ‼

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-28993 ‼

A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-28940 ‼

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-26762 ‼

A stack-based buffer overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote code execution via a crafted GET request. The overflow occurs in the ipcam_cgi binary due to a missing type check in the function doGetSysteminfo(). This has been fixed in IC-3116W v3.08.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25181 ‼

A heap-based buffer overflow vulnerability has been identified in WECON PLC Editor versions 1.3.8 and prior that may allow arbitrary code execution.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-7545 ‼

A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-7546 ‼

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-25177 ‼

A stack-based buffer overflow vulnerability has been identified in WECON PLC Editor versions 1.3.8 and prior that may allow arbitrary code execution.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-7533 ‼

A CWE-255: Credentials Management vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the web server without authentication when specially crafted HTTP requests are sent.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-7547 ‼

A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-6880 ‼

A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in: because the device does not properly filter parameters, sending malicious SQL statements can, on success, obtain management rights. This affects ZXV10 W908, all versions before MIPS_A_1022IPV6R3T6P7Y20.

📖 Read

via "National Vulnerability Database".
🕴 Call Fraud Operator Ordered to Pay $9M to Victims 🕴

Indian national will serve 20 years in prison for running a large call center fraud operation.

📖 Read

via "Dark Reading".
🕴 The Cybersecurity Skills Gap: It Doesn't Have to Be This Way 🕴

Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.

📖 Read

via "Dark Reading".
πŸ” FBI Warns of BEC Scammers Using Email Forwarding πŸ”

The FBI says scammers are increasingly abusing forwarding rules on web-based email clients to hide their activity, opening the door for a Business Email Compromise (BEC) attack.

πŸ“– Read

via "Digital Guardian".
‼ CVE-2020-29315 ‼

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-8539 ‼

Kia Motors Head Unit with software versions SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.

📖 Read

via "National Vulnerability Database".