🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-44026 ‼

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39233 ‼

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39232 ‼

In Apache Ozone versions prior to 1.2.0, certain admin-related SCM commands can be executed by any authenticated user, not just by admins.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39236 ‼

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-36372 ‼

In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-41532 ‼

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39235 ‼

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with a valid READ block token can do any write operation on the same block.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39231 ‼

In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone Manager and modify Ratis replication configuration.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-42338 ‼

4MOSAn GCB Doctor’s login page has improper validation of the Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in the cookie, and to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-39234 ‼

In Apache Ozone versions prior to 1.2.0, authenticated users knowing the ID of an existing block can craft a specific request allowing access to those blocks, bypassing other security checks like ACLs.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Iranian hackers charged with cybercrimes in connection with attempts to influence 2020 US Presidential Election πŸ—“οΈ

Pair were affiliated with group that tried to secure a win for Donald Trump

📖 Read

via "The Daily Swig".
‼ CVE-2021-41436 ‼

An HTTP request smuggling vulnerability in the web application of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to cause a DoS by sending a specially crafted HTTP packet.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-3950 ‼

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-3974 ‼

vim is vulnerable to Use After Free.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-3968 ‼

vim is vulnerable to Heap-based Buffer Overflow.

📖 Read

via "National Vulnerability Database".
❌ California Pizza Kitchen Serves Up Employee SSNs in Data Breach ❌

A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said.

📖 Read

via "Threat Post".
πŸ” Friday Five 11/18 πŸ”

The U.K shares some new ransomware statistics, the FBI warns about a new VPN zero day, and more - catch up on the infosec news of the week with the Friday Five!

📖 Read

via "".
πŸ—“οΈ CKEditor vulnerabilities pose XSS threat to Drupal and other downstream applications πŸ—“οΈ

Attackers could bypass content sanitization with malformed HTML

📖 Read

via "The Daily Swig".
🕴 Zero Trust: An Answer to the Ransomware Menace? 🕴

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

📖 Read

via "Dark Reading".
‼ CVE-2021-3920 ‼

grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

📖 Read

via "National Vulnerability Database".
🦿 Policymakers want to regulate AI but lack consensus on how 🦿

Commentary: AI is considered "world changing" by policymakers, but it's unclear how to ensure positive outcomes.

📖 Read

via "Tech Republic".