🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🦿 Cisco Talos reports new variant of Babuk ransomware targeting Exchange servers 🦿

A new bad actor called Tortilla is running the campaign, and most affected users are in the U.S.

📖 Read

via "Tech Republic".
🕴 5 MITRE ATT&CK Tactics Most Frequently Detected by Cisco Secure Firewalls 🕴

Cisco Security examines the most frequently encountered MITRE ATT&CK tactics and techniques.

📖 Read

via "Dark Reading".
🕴 CISA Issues New Directive for Patching Known Exploited Vulnerabilities 🕴

The goal is to reduce civilian federal agency exposure to attacks that threat actors are actively using in campaigns, agency says.

📖 Read

via "Dark Reading".
🕴 Researchers Scan the Web to Uncover Malware Infections 🕴

Dozens of companies and universities regularly scan the Internet to gather data on connected devices, but some firms are looking deeper to uncover the extent of detectable malware infections.

📖 Read

via "Dark Reading".
‼ CVE-2021-38411 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-22960 ‼

The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43338 ‼

In Ericsson Network Location MPS GMPC21, it is possible to create a new admin user with a SQL Query for file_name in the export functionality.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38420 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38422 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-41562 ‼

A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38407 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38416 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely load libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-28416 ‼

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38488 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38403 ‼

Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-41492 ‼

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via (1) the Product Code in the pos page in cashiering, (2) the id parameter in manage_products, and (3) the t parameter in actions.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42772 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43339 ‼

In Ericsson Network Location MPS GMPC21, it is possible to inject commands via file_name in the export functionality.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43032 ‼

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-33800 ‼

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-6931 ‼

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

📖 Read

via "National Vulnerability Database".