🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🦿 The evolution of spear phishing and who criminals are targeting 🦿

A report from Barracuda Networks also identifies attack risks associated with various roles throughout a company ranging from CEOs and IT departments to employees in sales.

via "Tech Republic".
❌ UC San Diego Health Breach Tied to Phishing Attack ❌

Employee email takeover exposed personal, medical data of students, employees and patients.

via "Threat Post".
‼ CVE-2021-23418 ‼

The package glances before 3.2.1 is vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

via "National Vulnerability Database".
πŸ” Mitigating Insider Risk in the Food and Agriculture Sector πŸ”

A new guide, published this week, can help organizations in the food and agriculture sector identify critical assets and defend against insider threats.

via "".
‼ CVE-2021-36741 ‼

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to log on to the product's management console in order to exploit this vulnerability.

via "National Vulnerability Database".
‼ CVE-2021-36742 ‼

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

via "National Vulnerability Database".
‼ CVE-2021-25273 ‼

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

via "National Vulnerability Database".
🦿 HTML smuggling is the latest cybercrime tactic you need to worry about 🦿

It will be hard to catch these smugglers, as they're abusing an essential element of web browsers that allows them to assemble code at endpoints, bypassing perimeter security.

via "Tech Republic".
⚠ S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast] ⚠

Latest episode - listen now!

via "Naked Security".
‼ CVE-2021-29736 ‼

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

via "National Vulnerability Database".
‼ CVE-2021-29781 ‼

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091.

via "National Vulnerability Database".
🦿 DDoS attacks are down 38.8% in Q2 2021 🦿

It's all quiet on the DDoS front, but don't get complacent: the lull is expected, said Kaspersky, and new attack vectors could spell a coming resurgence.

via "Tech Republic".
‼ CVE-2020-20698 ‼

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

via "National Vulnerability Database".
‼ CVE-2020-21806 ‼

SQL Injection vulnerability in ECTouch v2 via the shop page in index.php.

via "National Vulnerability Database".
‼ CVE-2020-19118 ‼

Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.

via "National Vulnerability Database".
‼ CVE-2021-20788 ‼

Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.

via "National Vulnerability Database".
‼ CVE-2021-20114 ‼

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.

via "National Vulnerability Database".
‼ CVE-2020-18158 ‼

Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.

via "National Vulnerability Database".
‼ CVE-2021-28966 ‼

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.

via "National Vulnerability Database".
‼ CVE-2020-11511 ‼

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.

via "National Vulnerability Database".
‼ CVE-2020-21808 ‼

SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php.

via "National Vulnerability Database".