πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack ❌

The nation-state actor is looking to speed up vaccine development efforts in North Korea.

πŸ“– Read

via "Threat Post".
Threat Post
Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack
The nation-state actor is looking to speed up vaccine development efforts in North Korea.
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 6 persuasion tactics used in social engineering attacks 🦿

IT security teams need to educate employees about the psychological techniques cybercriminals often use in social engineering attacks.

πŸ“– Read

via "Tech Republic".
TechRepublic
6 persuasion tactics used in social engineering attacks
IT security teams need to educate employees about the psychological techniques cybercriminals often use in social engineering attacks.
100 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28073 β€Ό

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system.

πŸ“– Read

via "National Vulnerability Database".
92 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-27397 β€Ό

Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.

πŸ“– Read

via "National Vulnerability Database".
89 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28071 β€Ό

SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called 'about' and reach a stored XSS.

πŸ“– Read

via "National Vulnerability Database".
88 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-11719 β€Ό

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.

πŸ“– Read

via "National Vulnerability Database".
88 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4642 β€Ό

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service".

πŸ“– Read

via "National Vulnerability Database".
85 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-1000891 β€Ό

Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums.

πŸ“– Read

via "National Vulnerability Database".
84 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28074 β€Ό

SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.

πŸ“– Read

via "National Vulnerability Database".
83 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-1000893 β€Ό

Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions.

πŸ“– Read

via "National Vulnerability Database".
81 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-13969 β€Ό

CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent.

πŸ“– Read

via "National Vulnerability Database".
88 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28070 β€Ό

SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.

πŸ“– Read

via "National Vulnerability Database".
94 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-1000892 β€Ό

Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages.

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-13968 β€Ό

CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Why Your Organization's Security Maturity Matters – And What to Do About It πŸ”

Forrester’s practical and actionable Informational Security Maturity Model - and Digital Guardian - can help organizations gauge their information security program.

πŸ“– Read

via "Digital Guardian".
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ White Ops Announces Its Acquisition πŸ•΄

A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.

πŸ“– Read

via "Dark Reading".
Dark Reading
White Ops Announces Its Acquisition
A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Microsoft, McAfee, Rapid7, and Others Form New Ransomware Task Force πŸ•΄

Industry group wants to get a framework in the hands of the new administration's cybersecurity officials by early spring 2021.

πŸ“– Read

via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Android security: The last piece of advice you'll need for 2020 🦿

Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution, otherwise they could become victims of malware.

πŸ“– Read

via "Tech Republic".
TechRepublic
Android security: The last piece of advice you'll need for 2020
Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution; otherwise, they could become victims of malware.
191 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-35668 β€Ό

RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-5684 β€Ό

iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate.

πŸ“– Read

via "National Vulnerability Database".
155 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-2499 β€Ό

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

πŸ“– Read

via "National Vulnerability Database".
147 views