πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-41492 β€Ό

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.

πŸ“– Read

via "National Vulnerability Database".
86 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-42772 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.

πŸ“– Read

via "National Vulnerability Database".
91 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43339 β€Ό

In Ericsson Network Location MPS GMPC21, it is possible to inject commands via file_name in the export functionality.

πŸ“– Read

via "National Vulnerability Database".
96 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43032 β€Ό

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.

πŸ“– Read

via "National Vulnerability Database".
109 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-33800 β€Ό

In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.

πŸ“– Read

via "National Vulnerability Database".
119 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-6931 β€Ό

HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35053 β€Ό

Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.

πŸ“– Read

via "National Vulnerability Database".
163 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38418 β€Ό

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.

πŸ“– Read

via "National Vulnerability Database".
184 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38424 β€Ό

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ β€œTrojan Source” hides flaws in source code from humans πŸ“’

Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks

πŸ“– Read

via "ITPro".
IT PRO
β€œTrojan Source” hides flaws in source code from humans | IT PRO
Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Office 365 phishing campaign used stolen Kaspersky Amazon SES token to fool victims πŸ“’

Credentials stolen from users after legitimate-looking email arrives in inboxes

πŸ“– Read

via "ITPro".
IT PRO
Office 365 phishing campaign used stolen Kaspersky Amazon SES token to fool victims | IT PRO
Credentials stolen from users after legitimate-looking email arrives in inboxes
167 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Microsoft unveils Defender for Business at Ignite 2021 πŸ“’

The new security suite is aimed at SMBs struggling to protect themselves in today's cyber security landscape

πŸ“– Read

via "ITPro".
ITPro
Microsoft unveils Defender for Business at Ignite 2021
The new security suite is aimed at SMBs struggling to protect themselves in today's cyber security landscape
156 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Mitre reveals 10 worst hardware security weaknesses in 2021 πŸ“’

The list aims to highlight common hardware flaws to help eliminate them from product development cycles

πŸ“– Read

via "ITPro".
IT PRO
Mitre reveals ten worst hardware security weaknesses in 2021 | IT PRO
The list aims to highlight common hardware flaws to help eliminate them from product development cycles
162 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Facebook is shutting down its controversial facial recognition system πŸ“’

The move will see more than a billion facial templates removed from Facebook's records amid a push for more private applications of the technology

πŸ“– Read

via "ITPro".
IT PRO
Facebook is shutting down its controversial facial recognition system | IT PRO
The move will see more than a billion facial templates removed from Facebook's records amid a push for more private applications of the technology
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ BlackMatter ransomware gang claims to have ceased operation πŸ“’

Despite the announcement made via its client portal, experts believe the hacker group will soon be planning a return

πŸ“– Read

via "ITPro".
IT PRO
BlackMatter ransomware gang claims to have ceased operation | IT PRO
Despite the announcement made via its client portal, experts believe the hacker group will soon be planning a return
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25368 β€Ό

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25367 β€Ό

A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-34594 β€Ό

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.

πŸ“– Read

via "National Vulnerability Database".
231 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-34597 β€Ό

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

πŸ“– Read

via "National Vulnerability Database".
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25366 β€Ό

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.

πŸ“– Read

via "National Vulnerability Database".
193 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-42624 β€Ό

A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.

πŸ“– Read

via "National Vulnerability Database".
195 views