🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI.

📖 Read

via "National Vulnerability Database".
257 views
🛡 Cybersecurity & Privacy 🛡 - News
2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud

Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.

📖 Read

via "Threat Post".
Threat Post
2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud
Insider threats are redefined in 2021, the work-from-home trend will continue define the threat landscape and mobile endpoints become the attack vector of choice, according 2021 forecasts.
268 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.

📖 Read

via "National Vulnerability Database".
247 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-35964

track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

📖 Read

via "National Vulnerability Database".
237 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-21495

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-3007

Zend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: the code may be related to Laminas Project laminas-http. Zend Framework is no longer supported by the maintainer. However, not all Zend Framework 3.0.0 vulnerabilities exist in a Laminas Project release.

📖 Read

via "National Vulnerability Database".
250 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.

📖 Read

via "National Vulnerability Database".
237 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-35965

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.

📖 Read

via "National Vulnerability Database".
231 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 CISO New Year's Resolutions for 2021 🕴

Six resolutions for forward-looking cyber-risk leaders.

📖 Read

via "Dark Reading".
Dark Reading
CISO New Year's Resolutions for 2021
Six resolutions for forward-looking cyber-risk leaders.
222 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 COVID-19's Acceleration of Cloud Migration & Identity-Centric Security 🕴

Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.

📖 Read

via "Dark Reading".
Dark Reading
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
222 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4910

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.

📖 Read

via "National Vulnerability Database".
190 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4918

IBM Cloud Pak System 2.3 could allow l local privileged user to disclose sensitive information due to an insecure direct object reference in sell service console for the Platform System Manager. IBM X-Force ID: 191392.

📖 Read

via "National Vulnerability Database".
162 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4928

IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.

📖 Read

via "National Vulnerability Database".
139 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4917

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.

📖 Read

via "National Vulnerability Database".
126 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4909

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.

📖 Read

via "National Vulnerability Database".
121 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.

📖 Read

via "National Vulnerability Database".
115 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.

📖 Read

via "National Vulnerability Database".
118 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4913

IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.

📖 Read

via "National Vulnerability Database".
118 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4919

IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.

📖 Read

via "National Vulnerability Database".
119 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-4916

IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.

📖 Read

via "National Vulnerability Database".
126 views
🛡 Cybersecurity & Privacy 🛡 - News
Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business

Several Ticketmaster executives conspired a hack against a rival concert presales firm, in attempt to 'choke off' its business.

📖 Read

via "Threat Post".
Threat Post
Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business
Several Ticketmaster executives conspired a hack against a rival concert presales firm, in attempt to 'choke off' its business.
133 views