πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor πŸ•΄

A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.

πŸ“– Read

via "Dark Reading".
Dark Reading
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
210 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Taking a Neighborhood Watch Approach to Retail Cybersecurity ❌

Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers.

πŸ“– Read

via "Threat Post".
Threat Post
Taking a Neighborhood Watch Approach to Retail Cybersecurity
Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers.
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 7 on-the-ground big data strategies for 2021 🦿

Don't forget the routine tasks that make big data work for your company.

πŸ“– Read

via "Tech Republic".
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Change your macOS power settings to prevent disconnecting from VPN/Wi-Fi when the computer is locked 🦿

You should always lock your computer when you walk away. But sometimes, that becomes a hassle. Here's one way to make it easier.

πŸ“– Read

via "Tech Republic".
TechRepublic
Change your macOS power settings to prevent disconnecting from VPN/Wi-Fi when the computer is locked
You should always lock your computer when you walk away. But sometimes, that becomes a hassle. Here's one way to make it easier.
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ FBI Warn Hackers are Using Hijacked Home Security Devices for β€˜Swatting’ ❌

Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.

πŸ“– Read

via "Threat Post".
Threat Post
FBI Warn Hackers are Using Hijacked Home Security Devices for β€˜Swatting’
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.
176 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-16281 β€Ό

Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-11103 β€Ό

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-16747 β€Ό

In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28413 β€Ό

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-15523 β€Ό

An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28095 β€Ό

On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

πŸ“– Read

via "National Vulnerability Database".
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17363 β€Ό

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-9026 β€Ό

Exponent CMS before 2.6.0 has improper input validation in fileController.php.

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-14067 β€Ό

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.

πŸ“– Read

via "National Vulnerability Database".
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2019-7725 β€Ό

includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

πŸ“– Read

via "National Vulnerability Database".
114 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-12658 β€Ό

gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.

πŸ“– Read

via "National Vulnerability Database".
106 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-9022 β€Ό

Exponent CMS before 2.6.0 has improper input validation in usersController.php.

πŸ“– Read

via "National Vulnerability Database".
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-11947 β€Ό

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

πŸ“– Read

via "National Vulnerability Database".
105 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-9021 β€Ό

Exponent CMS before 2.6.0 has improper input validation in storeController.php.

πŸ“– Read

via "National Vulnerability Database".
100 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2016-9023 β€Ό

Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.

πŸ“– Read

via "National Vulnerability Database".
98 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-16795 β€Ό

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.

πŸ“– Read

via "National Vulnerability Database".
96 views