πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43041 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.

πŸ“– Read

via "National Vulnerability Database".
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43036 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43043 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43033 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.

πŸ“– Read

via "National Vulnerability Database".
202 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43040 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
197 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43044 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.

πŸ“– Read

via "National Vulnerability Database".
208 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43034 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
216 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43038 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.

πŸ“– Read

via "National Vulnerability Database".
231 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43039 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.

πŸ“– Read

via "National Vulnerability Database".
301 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43037 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.

πŸ“– Read

via "National Vulnerability Database".
340 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43042 β€Ό

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.

πŸ“– Read

via "National Vulnerability Database".
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Crypto-exchange BitMart reports $150 million theft following hack πŸ—“οΈ

Security firm said attackers executed a β€˜transfer-out, swap, and wash’

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Crypto-exchange BitMart reports $150 million theft following hack
Security firm said attackers executed a β€˜transfer-out, swap, and wash’
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-4069 β€Ό

vim is vulnerable to Use After Free

πŸ“– Read

via "National Vulnerability Database".
337 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43469 β€Ό

VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.

πŸ“– Read

via "National Vulnerability Database".
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Mozilla patches critical β€œBigSig” cryptographic bug: Here’s how to track it down and fix it ⚠

Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.

πŸ“– Read

via "Naked Security".
Naked Security
Mozilla patches critical β€œBigSig” cryptographic bug: Here’s how to track it down and fix it
Mozilla’s cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43471 β€Ό

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.

πŸ“– Read

via "National Vulnerability Database".
256 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Why the C-Suite Doesn't Need Access to All Corporate Data πŸ•΄

If zero trust is to work properly, then it must apply to everyone.

πŸ“– Read

via "Dark Reading".
Dark Reading
Why the C-Suite Doesn't Need Access to All Corporate Data
If zero trust is to work properly, then it must apply to everyone.
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 How to lock a Zoom meeting to keep out unwanted guests 🦿

One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here's a look at how it's done.

πŸ“– Read

via "Tech Republic".
TechRepublic
How to lock a Zoom meeting to keep out unwanted guests | TechRepublic
One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Here's a look at how it's done.
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Critical vulnerabilities in open source forum software NodeBB could lead to RCE πŸ—“οΈ

Personal data, account access is at risk

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical vulnerabilities in open source forum software NodeBB could lead to RCE
Personal data, account access is at risk
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Cryptocurrency startup fails to subtract before adding, loses $31m ⚠

Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?

πŸ“– Read

via "Naked Security".
Naked Security
Cryptocurrency startup fails to subtract before adding, loses $31m
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn’t take away 42. How much is left?
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Pegasus Spyware Infects U.S. State Department iPhones ❌

It's unknown who's behind the cyberattacks against at least nine employees' iPhones, who are all involved in Ugandan diplomacy.

πŸ“– Read

via "Threat Post".
Threat Post
Pegasus Spyware Infects U.S. State Department iPhones
It's unknown who's behind the cyberattacks against at least nine employees' iPhones, who are all involved in Ugandan diplomacy.
238 views