πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Excel is still a security headache after 30 years because of this one feature 🦿

Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.

πŸ“– Read

via "Tech Republic".
TechRepublic
Excel is still a security headache after 30 years because of this one feature
Threat researcher explains why it's tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 A diverse cybersecurity team can help alleviate the talent shortage 🦿

Responsibilities are complex and require different job descriptions, reduced bias and a variety of skill sets, industry leaders say.

πŸ“– Read

via "Tech Republic".
TechRepublic
A diverse cybersecurity team can help alleviate the talent shortage
Responsibilities are complex and require different job descriptions, reduced bias and a variety of skill sets, industry leaders say.
178 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 How to install Webmin on Rocky Linux 🦿

With Webmin, you can better secure and manage your instances of Rocky Linux. Jack Wallen walks you through the process of getting this web-based tool up and running.

πŸ“– Read

via "Tech Republic".
TechRepublic
How to install Webmin on Rocky Linux
With Webmin, you can better secure and manage your instances of Rocky Linux. Jack Wallen walks you through the process of getting this web-based tool up and running.
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38553 β€Ό

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36787 β€Ό

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.

πŸ“– Read

via "National Vulnerability Database".
130 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-34823 β€Ό

The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines.

πŸ“– Read

via "National Vulnerability Database".
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32071 β€Ό

The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.

πŸ“– Read

via "National Vulnerability Database".
112 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36793 β€Ό

The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.

πŸ“– Read

via "National Vulnerability Database".
108 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-37028 β€Ό

There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands.

πŸ“– Read

via "National Vulnerability Database".
111 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36785 β€Ό

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.

πŸ“– Read

via "National Vulnerability Database".
110 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32068 β€Ό

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify application data and state.

πŸ“– Read

via "National Vulnerability Database".
111 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36792 β€Ό

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.

πŸ“– Read

via "National Vulnerability Database".
112 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38302 β€Ό

The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.

πŸ“– Read

via "National Vulnerability Database".
114 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38554 β€Ό

HashiCorp Vault and Vault EnterpriseÒ€ℒs UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

πŸ“– Read

via "National Vulnerability Database".
110 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-18759 β€Ό

An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.

πŸ“– Read

via "National Vulnerability Database".
116 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32069 β€Ό

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data.

πŸ“– Read

via "National Vulnerability Database".
121 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-18757 β€Ό

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.

πŸ“– Read

via "National Vulnerability Database".
125 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36790 β€Ό

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36788 β€Ό

The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.

πŸ“– Read

via "National Vulnerability Database".
133 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36791 β€Ό

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-37586 β€Ό

The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient validation.

πŸ“– Read

via "National Vulnerability Database".
159 views