πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-21298 β€Ό

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is able to access any file via the Projects API. The issue has been patched in Node-RED 1.2.8. The vulnerability applies only to the Projects feature which is not enabled by default in Node-RED. The primary workaround is not give untrusted users read access to the Node-RED editor.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-21274 β€Ό

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.

πŸ“– Read

via "National Vulnerability Database".
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The Edge Pro Tip: Fasten Your Seatbelts πŸ•΄

An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies for 2021. Where do they plan to spend next?

πŸ“– Read

via "Dark Reading".
Dark Reading
The Edge
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies for 2021. Where do they plan to spend next?
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Lazarus Targets Defense Companies with ThreatNeedle Malware ❌

A spear-phishing campaigned linked to a North Korean APT uses β€œNukeSped” malware in cyberespionage attacks against defense companies.

πŸ“– Read

via "Threat Post".
Threat Post
Lazarus Targets Defense Companies with ThreatNeedle Malware
A spear-phishing campaigned linked to a North Korean APT uses β€œNukeSped” malware in cyberespionage attacks against defense companies.
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 'Nerd' Humor πŸ•΄

Some jokes never get old.

πŸ“– Read

via "Dark Reading".
Dark Reading
'Nerd' Humor
Some jokes never get old.
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ NSA Releases Guidance on Zero-Trust Architecture πŸ•΄

A new document provides guidance for businesses planning to implement a zero-trust system management strategy.

πŸ“– Read

via "Dark Reading".
Dark Reading
NSA Releases Guidance on Zero-Trust Architecture
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-21308 β€Ό

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-21302 β€Ό

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2

πŸ“– Read

via "National Vulnerability Database".
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 How will cybersecurity change with a new U.S. president? Pros identify the biggest needs 🦿

Every new presidential administration brings change, one way or another. Learn what President Joseph Biden is facing on the cybersecurity front, along with some tips for government and businesses.

πŸ“– Read

via "Tech Republic".
TechRepublic
How will cybersecurity change with a new US president? Pros identify the biggest needs
Every new presidential administration brings change, one way or another. Learn what President Joseph Biden is facing on the cybersecurity front, along with some tips for government and businesses.
132 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Stalkerware Volumes Remain Concerningly High, Despite Bans ❌

COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.

πŸ“– Read

via "Threat Post".
Threat Post
Stalkerware Volumes Remain Concerningly High, Despite Bans
COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Amazon Dismisses Claims Alexa β€˜Skills’ Can Bypass Security Vetting Process ❌

Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.

πŸ“– Read

via "Threat Post".
Threat Post
Amazon Dismisses Claims Alexa β€˜Skills’ Can Bypass Security Vetting Process
Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 The hidden business costs of working remotely 🦿

The benefits of working remotely are numerous, but studies are finding there are significant hidden costs that need to be factored in.

πŸ“– Read

via "Tech Republic".
TechRepublic
Data security: A hidden business cost of working remotely
The benefits of working remotely are numerous, but there are significant hidden costs that need to be factored in.
147 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-0402 β€Ό

In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-26561 β€Ό

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-0367 β€Ό

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.

πŸ“– Read

via "National Vulnerability Database".
123 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-26562 β€Ό

Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

πŸ“– Read

via "National Vulnerability Database".
114 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-27799 β€Ό

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.19.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.

πŸ“– Read

via "National Vulnerability Database".
110 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-0401 β€Ό

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.

πŸ“– Read

via "National Vulnerability Database".
107 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-0403 β€Ό

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.

πŸ“– Read

via "National Vulnerability Database".
102 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-0404 β€Ό

In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039.

πŸ“– Read

via "National Vulnerability Database".
98 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-26564 β€Ό

Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

πŸ“– Read

via "National Vulnerability Database".
100 views