πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25126 β€Ό

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function.

πŸ“– Read

via "National Vulnerability Database".
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25127 β€Ό

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-24664 β€Ό

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

πŸ“– Read

via "National Vulnerability Database".
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25138 β€Ό

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice uploadsshkey function.

πŸ“– Read

via "National Vulnerability Database".
209 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25132 β€Ό

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setmediaconfig_func function.

πŸ“– Read

via "National Vulnerability Database".
221 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25137 β€Ό

The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice startflash_func function.

πŸ“– Read

via "National Vulnerability Database".
238 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cloud Security Startup Armo Emerges from Stealth with $4.5M πŸ•΄

Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cloud Security Startup Armo Emerges from Stealth with $4.5M
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.
283 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites ❌

The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.

πŸ“– Read

via "Threat Post".
Threat Post
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Microsoft 365 Becomes Haven for BEC Innovation ❌

Two new phishing tactics use the platform's automated responses to evade email filters.

πŸ“– Read

via "Threat Post".
Threat Post
Microsoft 365 Becomes Haven for BEC Innovation
Two new phishing tactics use the platform's automated responses to evade email filters.
429 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-21254 β€Ό

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.

πŸ“– Read

via "National Vulnerability Database".
474 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-17380 β€Ό

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

πŸ“– Read

via "National Vulnerability Database".
515 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-14418 β€Ό

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.

πŸ“– Read

via "National Vulnerability Database".
553 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-15690 β€Ό

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.

πŸ“– Read

via "National Vulnerability Database".
584 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ GnuPG crypto library can be pwned during decryption – patch now! ⚠

Many, if not most, Linux distros will be affected. Users of other operating systems should check for software that uses libgcrypt.

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
692 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-23329 β€Ό

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.

πŸ“– Read

via "National Vulnerability Database".
596 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Emotet takedown – Europol attacks β€œworld’s most dangerous malware” ⚠

Great news from Europol - if you've heard of Emotet, you'll have a good idea how badly things often end for its victims.

πŸ“– Read

via "Naked Security".
Naked Security
Emotet takedown – Europol attacks β€œworld’s most dangerous malware”
Great news from Europol – if you’ve heard of Emotet, you’ll have a good idea how badly things often end for its victims.
954 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Security chaos engineering helps you find weak links in your cyber defenses before attackers do 🦿

Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.

πŸ“– Read

via "Tech Republic".
TechRepublic
Security chaos engineering helps you find weak links in your cyber defenses before attackers do
Security experts explain why this approach is all about data and resilience, not deliberately sabotaging your own network.
503 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Strengthening Zero-Trust Architecture πŸ•΄

Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.

πŸ“– Read

via "Dark Reading".
Dark Reading
Strengthening Zero-Trust Architecture
Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.
453 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-36109 β€Ό

ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.

πŸ“– Read

via "National Vulnerability Database".
393 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28194 β€Ό

Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.

πŸ“– Read

via "National Vulnerability Database".
365 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  AIDE 0.17.1 πŸ› 

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
AIDE 0.17.1 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
340 views