πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19144 β€Ό

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38721 β€Ό

FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Stop using your web browser security wrong 🦿

Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.

πŸ“– Read

via "Tech Republic".
TechRepublic
Stop using your web browser security wrong
Chances are good you're not using your browser with a strong enough eye on security. Jack Wallen offers up some advice to the average user on how to browse safer.
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ β€˜Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise ❌

A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.

πŸ“– Read

via "Threat Post".
Threat Post
β€˜Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.
161 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]
Latest episode – listen now!
151 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Windows zero-day MSHTML attack – how not to get booby trapped! ⚠

Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Financial Cybercrime: Why Cryptocurrency is the Perfect β€˜Getaway Car’ ❌

John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.

πŸ“– Read

via "Threat Post".
Threat Post
Financial Cybercrime: Why Cryptocurrency is the Perfect β€˜Getaway Car’
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.
148 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 SPDX becomes internationally recognized standard 🦿

In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.

πŸ“– Read

via "Tech Republic".
TechRepublic
SPDX becomes internationally recognized standard
In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32485 β€Ό

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32486 β€Ό

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38727 β€Ό

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items

πŸ“– Read

via "National Vulnerability Database".
124 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32487 β€Ό

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.

πŸ“– Read

via "National Vulnerability Database".
122 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40284 β€Ό

D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32484 β€Ό

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 The top keywords used in phishing email subject lines 🦿

Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."

πŸ“– Read

via "Tech Republic".
TechRepublic
The top keywords used in phishing email subject lines
Some of these phrasings are standard day-to-day subject lines, but as one expert explained, "the attacker wants you to be moving too fast to stop and question if it's legitimate."
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25466 β€Ό

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.

πŸ“– Read

via "National Vulnerability Database".
144 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-28910 β€Ό

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow unauthenticated attackers to request to any internal and external server.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25454 β€Ό

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19268 β€Ό

A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.

πŸ“– Read

via "National Vulnerability Database".
109 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19264 β€Ό

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25465 β€Ό

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.

πŸ“– Read

via "National Vulnerability Database".
97 views