πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3992 β€Ό

kimai2 is vulnerable to Improper Access Control

πŸ“– Read

via "National Vulnerability Database".
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-4015 β€Ό

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

πŸ“– Read

via "National Vulnerability Database".
126 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3985 β€Ό

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

πŸ“– Read

via "National Vulnerability Database".
136 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3994 β€Ό

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-3993 β€Ό

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

πŸ“– Read

via "National Vulnerability Database".
152 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32592 β€Ό

An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Sixth member of notorious SIM-swapping cybercrime gang sentenced πŸ—“οΈ

US crime syndicate β€˜The Community’ stole millions of dollars’ worth of cryptocurrency

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Sixth member of notorious SIM-swapping cybercrime gang sentenced
US crime syndicate β€˜The Community’ stole millions of dollars’ worth of cryptocurrency
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Clearview AI face-matching service set to be fined over $20m ⚠

Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.

πŸ“– Read

via "Naked Security".
Naked Security
Clearview AI face-matching service set to be fined over $20m
Scraping data for a facial recognition service? β€œThat’s unlawful”, concluded both the British and the Australians.
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The Cyber Threats Facing Retailers This Holiday Shopping Season πŸ•΄

With supply chain delays and an online shopping boom, attacks will come from multiple angles.

πŸ“– Read

via "Dark Reading".
Dark Reading
The Cyber Threats Facing Retailers This Holiday Shopping Season
With supply chain delays and an online shopping boom, attacks will come from multiple angles.
200 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43690 β€Ό

YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read.

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44280 β€Ό

attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-25967 β€Ό

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of usersÒ€ℒ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victimÒ€ℒs browser when they open the malicious profile picture

πŸ“– Read

via "National Vulnerability Database".
170 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44279 β€Ό

Librenms 21.11.0 is affected by is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.

πŸ“– Read

via "National Vulnerability Database".
172 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44277 β€Ό

Librenms 21.11.0 is affected by is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.

πŸ“– Read

via "National Vulnerability Database".
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ β€˜Over-permissive’ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks πŸ—“οΈ

Mail servers readily hijacked due to MSP oversight

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
β€˜Over-permissive’ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks
Mail servers readily hijacked due to MSP oversight
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ CyCognito Secures $100M to Accelerate Next Evolution of Attack Surface Management πŸ•΄

Company gives Fortune 500 companies including Colgate-Palmolive, Tesco and Scientific Games Corporation full visibility and context into risk to preempt potential attacks.

πŸ“– Read

via "Dark Reading".
Dark Reading
CyCognito Secures $100M to Accelerate Next Evolution of Attack Surface Management
Company gives Fortune 500 companies including Colgate-Palmolive, Tesco and Scientific Games Corporation full visibility and context into risk to preempt potential attacks.
198 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Stealthy β€˜WIRTE’ Gang Targets Middle Eastern Governments ❌

Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.

πŸ“– Read

via "Threat Post".
Threat Post
Stealthy β€˜WIRTE’ Gang Targets Middle Eastern Governments
Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43689 β€Ό

manage (last update Oct 24, 2017) is affected by is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST.

πŸ“– Read

via "National Vulnerability Database".
145 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43685 β€Ό

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

πŸ“– Read

via "National Vulnerability Database".
139 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44480 β€Ό

Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.

πŸ“– Read

via "National Vulnerability Database".
133 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44479 β€Ό

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.

πŸ“– Read

via "National Vulnerability Database".
120 views