🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-25385 ‼

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code in the mediaextractor process.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-25397 ‼

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

📖 Read

via "National Vulnerability Database".
⚠ Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now! ⚠

Patch early. Patch often. Patch now!

📖 Read

via "Naked Security".
⚠ ALPACA – the wacky TLS security vulnerability with a funky name ⚠

Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way.

📖 Read

via "Naked Security".
⚠ S3 Ep36: Trickbot coder busted, passwords cracked, and breaches judged [Podcast] ⚠

Latest episode - listen now!

📖 Read

via "Naked Security".
‼ CVE-2021-25419 ‼

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display a fake URL in the address bar via a phishing URL link.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-29754 ‼

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-5003 ‼

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-25425 ‼

Improper check vulnerability in Samsung Health prior to version 6.17 allows an attacker to read internal cache data via an exported component.

📖 Read

via "National Vulnerability Database".
❌ Cyberpunk 2077 Hacked Data Circulating Online ❌

CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.

📖 Read

via "Threat Post".
πŸ‘1
🕴 Details Emerge on How Gaming Giant EA Was Hacked 🕴

Hacking group stole source code to FIFA 21 and the company's Frostbite engine.

📖 Read

via "Dark Reading".
🦿 Fallout of EA source code breach could be severe, cybersecurity experts say 🦿

Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA's death knell in the process.

📖 Read

via "Tech Republic".
‼ CVE-2020-6000 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-23136 ‼

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22913 ‼

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-28211 ‼

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

📖 Read

via "National Vulnerability Database".
‼ CVE-2017-3905 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.

📖 Read

via "National Vulnerability Database".
❌ REvil Hits US Nuclear Weapons Contractor: Report ❌

"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote.

📖 Read

via "Threat Post".
❌ Baby Clothes Giant Carter’s Leaks 410K Customer Records ❌

Purchase automation software delivered shortened URLs without protections.

📖 Read

via "Threat Post".
‼ CVE-2021-22753 ‼

A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22915 ‼

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.

📖 Read

via "National Vulnerability Database".