🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-20068 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.

via "National Vulnerability Database".
‼ CVE-2021-20074 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.

via "National Vulnerability Database".
‼ CVE-2021-20067 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.

via "National Vulnerability Database".
‼ CVE-2021-20072 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traversal.

via "National Vulnerability Database".
‼ CVE-2021-20071 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs.

via "National Vulnerability Database".
‼ CVE-2020-11635 ‼

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.

via "National Vulnerability Database".
‼ CVE-2021-20070 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs.

via "National Vulnerability Database".
‼ CVE-2020-28918 ‼

DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.

via "National Vulnerability Database".
‼ CVE-2021-27237 ‼

The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.

via "National Vulnerability Database".
‼ CVE-2021-20075 ‼

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.

via "National Vulnerability Database".
‼ CVE-2020-29457 ‼

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.

via "National Vulnerability Database".
‼ CVE-2021-20066 ‼

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

via "National Vulnerability Database".
❌ Let’s Encrypt Gears Up to Replace 200M Certificates a Day ❌

The open CA prepares for ‘worst scenarios’ with new fiber, servers, cryptographic signing and more.

via "Threat Post".
❌ Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies ❌

TikTok is again in hot water for how the popular video-sharing app collects and shares data - particularly from its underage userbase.

via "Threat Post".
🕴 Firms Patch Greater Number of Systems, but Still Slowly 🕴

Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.

via "Dark Reading".
‼ CVE-2021-27104 ‼

Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

via "National Vulnerability Database".
‼ CVE-2021-27103 ‼

Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

via "National Vulnerability Database".
‼ CVE-2021-27101 ‼

Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

via "National Vulnerability Database".
‼ CVE-2021-27102 ‼

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

via "National Vulnerability Database".
🕴 Compromised Credentials Show That Abuse Happens in Multiple Phases 🕴

The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.

via "Dark Reading".
‼ CVE-2020-2502 ‼

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP: We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.11 and later.

via "National Vulnerability Database".