πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3058 β€Ό

An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls.

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40517 β€Ό

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access.

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” DOJ Takes Action Against Two Charged with Ransomware Attacks πŸ”

The Justice Department announced this week that it arrested two involved with deploying ransomware and that it seized $6.1 million in ransom payments.

πŸ“– Read

via "".
Digital Guardian
DOJ Takes Action Against Two Charged with Ransomware Attacks
The Justice Department announced this week that it arrested two involved with deploying ransomware and that it seized $6.1 million in ransom payments.
180 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike πŸ•΄

Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.

πŸ“– Read

via "Dark Reading".
Dark Reading
SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike
Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.
178 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-42111 β€Ό

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application.

πŸ“– Read

via "National Vulnerability Database".
185 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ SMS About Bank Fraud as a Pretext for Voice Phishing β™ŸοΈ

Most of us have probably heard the term "smishing" -- which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing -- blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

πŸ“– Read

via "Krebs on Security".
Krebsonsecurity
SMS About Bank Fraud as a Pretext for Voice Phishing
Most of us have probably heard the term "smishing" -- which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to…
185 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ ChaosDB: Researchers Share Technical Details of Azure Flaw πŸ•΄

Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe.

πŸ“– Read

via "Dark Reading".
Dark Reading
ChaosDB: Researchers Share Technical Details of Azure Flaw
Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe.
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23876 β€Ό

pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23886 β€Ό

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.

πŸ“– Read

via "National Vulnerability Database".
141 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23903 β€Ό

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

πŸ“– Read

via "National Vulnerability Database".
135 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23891 β€Ό

A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.

πŸ“– Read

via "National Vulnerability Database".
115 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23884 β€Ό

A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.

πŸ“– Read

via "National Vulnerability Database".
110 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23873 β€Ό

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.

πŸ“– Read

via "National Vulnerability Database".
108 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23898 β€Ό

A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

πŸ“– Read

via "National Vulnerability Database".
107 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23896 β€Ό

A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.

πŸ“– Read

via "National Vulnerability Database".
109 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23902 β€Ό

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.

πŸ“– Read

via "National Vulnerability Database".
105 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23887 β€Ό

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.

πŸ“– Read

via "National Vulnerability Database".
103 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23900 β€Ό

A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.

πŸ“– Read

via "National Vulnerability Database".
100 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23879 β€Ό

pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.

πŸ“– Read

via "National Vulnerability Database".
101 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23888 β€Ό

A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file.

πŸ“– Read

via "National Vulnerability Database".
99 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-23901 β€Ό

A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

πŸ“– Read

via "National Vulnerability Database".
101 views