πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-29280 β€Ό

In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-31868 β€Ό

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.

πŸ“– Read

via "National Vulnerability Database".
161 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-39302 β€Ό

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-34645 β€Ό

The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.1.0.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Why it's important to create a common language of cyber risk 🦿

All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.

πŸ“– Read

via "Tech Republic".
TechRepublic
Why it's important to create a common language of cyber risk
All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” US Trade Commission Looking into 3D Imaging Trade Secret Theft πŸ”

One firm claims another took its trade secrets and brought them to China to manufacture the product at a lower cost.

πŸ“– Read

via "".
Digital Guardian
US Trade Commission Looking into 3D Imaging Trade Secret Theft
One firm claims another took its trade secrets and brought them to China to manufacture the product at a lower cost.
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-28490 β€Ό

In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-20642 β€Ό

Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.

πŸ“– Read

via "National Vulnerability Database".
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-37597 β€Ό

WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.

πŸ“– Read

via "National Vulnerability Database".
162 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-37598 β€Ό

WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-20645 β€Ό

Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.

πŸ“– Read

via "National Vulnerability Database".
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Critical Cisco Bug in Small Business Routers to Remain Unpatched ❌

The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.

πŸ“– Read

via "Threat Post".
Threat Post
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ InkySquid State Actor Exploiting Known IE Bugs ❌

The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.

πŸ“– Read

via "Threat Post".
Threat Post
InkySquid State Actor Exploiting Known IE Bugs
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ How Ready Are You for a Ransomware Attack? ❌

Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.

πŸ“– Read

via "Threat Post".
Threat Post
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.
207 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ What’s Next for T-Mobile and Its Customers? – Podcast ❌

Hopefully not a hacked-up hairball of a β€œno can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.

πŸ“– Read

via "Threat Post".
Threat Post
What’s Next for T-Mobile and Its Customers? – Podcast
Hopefully not a hacked-up hairball of a β€œno can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.
234 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-18900 β€Ό

A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
241 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-18897 β€Ό

An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

πŸ“– Read

via "National Vulnerability Database".
318 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-18899 β€Ό

An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.

πŸ“– Read

via "National Vulnerability Database".
334 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-18898 β€Ό

A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.

πŸ“– Read

via "National Vulnerability Database".
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 How to protect your T-Mobile account in light of the latest data breach 🦿

In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.

πŸ“– Read

via "Tech Republic".
TechRepublic
How to protect your T-Mobile account in light of the latest data breach
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.
357 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Nigerian Threat Actors Solicits Employees to Deploy Ransomware for Cut of Profits ❌

Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.

πŸ“– Read

via "Threat Post".
Threat Post
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.
293 views