🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🦿 FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends 🦿

The Labor Day holiday could be prime time for more than just barbecues and closing the pool for the year as the open season on ransomware continues.

📖 Read

via "Tech Republic".
โŒ Cisco Patches Critical Authentication Bug With Public Exploit โŒ

There's proof-of-concept code out for the near-maximum critical โ€“ rated at 9.8 โ€“ authentication bypass bug, but Cisco hasn't seen any malicious exploit yet.

📖 Read

via "Threat Post".
🦿 Execs don't sound very confident about long-term network security in the WFH era 🦿

After a somewhat clunky initial switch to remote work, it looks like hybrid offices are here to stay, at least for now. But a new report highlights concerns about the long-term resiliency of remote networks.

📖 Read

via "Tech Republic".
❌ Google Play Sign-Ins Allow Covert Location-Tracking ❌

A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.

📖 Read

via "Threat Post".
‼ CVE-2021-33928 ‼

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-33938 ‼

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-33929 ‼

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-33930 ‼

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

📖 Read

via "National Vulnerability Database".
⚠ Pwned! The home security system that can be hacked with your email address ⚠

The alarm system that can be turned off with your email address.

📖 Read

via "Naked Security".
⚠ Skimming the CREAM – recursive withdrawals loot $13M in cryptocash ⚠

Recursion [noun]: see recursion.

📖 Read

via "Naked Security".
🔐 WhatsApp Fined $267 Million for Breaching GDPR 🔐

The sum, the second highest GDPR fine to date, stems from a 2018 investigation into the company's data privacy practices.

📖 Read

via "".
‼ CVE-2021-22791 ‼

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-35996 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22775 ‼

A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX, V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39322 ‼

The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-21086 ‼

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-28565 ‼

Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-35995 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22525 ‼

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-36019 ‼

Adobe After Effects version 18.2.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22792 ‼

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

📖 Read

via "National Vulnerability Database".