πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move πŸ•΄

Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
449 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-16060 β€Ό

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.

πŸ“– Read

via "National Vulnerability Database".
607 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2018-16061 β€Ό

Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.

πŸ“– Read

via "National Vulnerability Database".
692 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes πŸ•΄

China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.

πŸ“– Read

via "Dark Reading".
Dark Reading
China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
756 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ In Cyberwar, Attribution Can Be Impossible β€” and That's OK πŸ•΄

Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.

πŸ“– Read

via "Dark Reading".
Dark Reading
In Cyberwar, Attribution Can Be Impossible β€” and That's OK
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.
621 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36097 β€Ό

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.

πŸ“– Read

via "National Vulnerability Database".
598 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38562 β€Ό

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

πŸ“– Read

via "National Vulnerability Database".
475 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38297 β€Ό

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

πŸ“– Read

via "National Vulnerability Database".
415 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-41611 β€Ό

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.

πŸ“– Read

via "National Vulnerability Database".
362 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-42565 β€Ό

myfactory.FMS before 7.1-912 allows XSS via the UID parameter.

πŸ“– Read

via "National Vulnerability Database".
343 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-42566 β€Ό

myfactory.FMS before 7.1-912 allows XSS via the Error parameter.

πŸ“– Read

via "National Vulnerability Database".
332 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers πŸ—“οΈ

Latest specification is a work in progress

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers
Latest specification is a work in progress
358 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Cybersecurity Awareness Month: Building your career ⚠

Explore. Experience. Share. How to get into cybersecurity...

πŸ“– Read

via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Building your career
Explore. Experience. Share. How to get into cybersecurity…
373 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Bugs in malware create β€˜backdoors’ for security researchers πŸ—“οΈ

Black hat trickery switched around to boost security defenses

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bugs in malware create β€˜backdoors’ for security researchers
Black hat trickery switched around to boost security defenses
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-22961 β€Ό

A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.

πŸ“– Read

via "National Vulnerability Database".
336 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2010-2496 β€Ό

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

πŸ“– Read

via "National Vulnerability Database".
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38389 β€Ό

Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

πŸ“– Read

via "National Vulnerability Database".
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38440 β€Ό

FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.

πŸ“– Read

via "National Vulnerability Database".
216 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38434 β€Ό

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
205 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33023 β€Ό

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

πŸ“– Read

via "National Vulnerability Database".
189 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38426 β€Ό

FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.

πŸ“– Read

via "National Vulnerability Database".
186 views