πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3317 β€Ό

KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.

πŸ“– Read

via "National Vulnerability Database".
290 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3165 β€Ό

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.

πŸ“– Read

via "National Vulnerability Database".
302 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3272 β€Ό

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.

πŸ“– Read

via "National Vulnerability Database".
275 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update ❌

An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.

πŸ“– Read

via "Threat Post".
Threat Post
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.
315 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Apple critical patches fix in-the-wild iPhone exploits – update now! ⚠

Apple says. "Additional details available soon", which you can translate as "this one took us by surprise". So patch now!

πŸ“– Read

via "Naked Security".
Naked Security
Apple critical patches fix in-the-wild iPhone exploits – update now!
Apple says. β€œAdditional details available soon”, which you can translate as β€œthis one took us by surprise”. So patch now!
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 How ghost accounts could leave your organization vulnerable to ransomware 🦿

Active accounts for people who have left your organization are ripe for exploitation, according to Sophos.

πŸ“– Read

via "Tech Republic".
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Security's Inevitable Shift to the Edge πŸ•΄

As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.

πŸ“– Read

via "Dark Reading".
Dark Reading
Security's Inevitable Shift to the Edge
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4967 β€Ό

IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.

πŸ“– Read

via "National Vulnerability Database".
178 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4816 β€Ό

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36012 β€Ό

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.

πŸ“– Read

via "National Vulnerability Database".
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4820 β€Ό

IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

πŸ“– Read

via "National Vulnerability Database".
185 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4628 β€Ό

IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4815 β€Ό

IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.

πŸ“– Read

via "National Vulnerability Database".
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Apple Patches Three iOS Zero-Day Vulnerabilities πŸ•΄



πŸ“– Read

via "Dark Reading".
Darkreading
Apple Patches Three iOS Zero-Day Vulnerabilities
New iOS 14.4 update available for iPhones and iPads.
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Why Ubuntu 21.04 is an important release, even without GNOME 40 🦿

Jack Wallen discusses why the upcoming Ubuntu 21.04 is more important than some of its features would imply.

πŸ“– Read

via "Tech Republic".
TechRepublic
Why Ubuntu 21.04 is an important release, even without GNOME 40
Jack Wallen discusses why the upcoming Ubuntu 21.04 is more important than some of its features would imply.
207 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16106 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16105 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16107 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
154 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16114 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-16108 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23356 β€Ό

dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

πŸ“– Read

via "National Vulnerability Database".
136 views