πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0326 β€Ό

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

πŸ“– Read

via "National Vulnerability Database".
347 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ BitLocker encryption: Clear text key storage prompts security debate online πŸ—“οΈ

Many are questioning why keys are saved in the clear ahead of sign-in

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
BitLocker encryption: Clear text key storage prompts security debate online
Many are questioning why keys are saved in the clear ahead of sign-in
351 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0318 β€Ό

Heap-based Buffer Overflow in Conda vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
292 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0329 β€Ό

Code Injection in Conda loguru prior to master.

πŸ“– Read

via "National Vulnerability Database".
292 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Open debug mode in Cisco mobile networking software created critical security hole πŸ—“οΈ

Patch issued after testing engineers uncover RCE threat

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Open debug mode in Cisco mobile networking software created critical security hole
Patch issued after testing engineers uncover RCE threat
293 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Spyware Blitzes Compromise, Cannibalize ICS Networks ❌

The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

πŸ“– Read

via "Threat Post".
Threat Post
Spyware Blitzes Compromise, Cannibalize ICS Networks
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
255 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Looking Beyond Biden's Binding Security Directive πŸ•΄

Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.

πŸ“– Read

via "Dark Reading".
Dark Reading
Looking Beyond Biden's Binding Security Directive
Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0319 β€Ό

Out-of-bounds Read in Conda vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19858 β€Ό

Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy.

πŸ“– Read

via "National Vulnerability Database".
222 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-19860 β€Ό

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

πŸ“– Read

via "National Vulnerability Database".
227 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims πŸ—“οΈ

Local newspaper alleges that usernames and PINs of vote-counting machines were stolen

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims
Local newspaper alleges that usernames and PINs of vote-counting machines were stolen
247 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript] ⚠

Latest epsiode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
Latest epsiode – listen now!
234 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ European Commission launches new open source software bug bounty program πŸ—“οΈ

Hackers are invited to test services used by EU agencies

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
European Commission launches new open source software bug bounty program
Hackers are invited to test services used by EU agencies
224 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft ⚠

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

πŸ“– Read

via "Naked Security".
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
The company has put out a brief security report that summarises the β€˜what’, but not yet the β€˜how’ or β€˜why’.
205 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46201 β€Ό

An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.

πŸ“– Read

via "National Vulnerability Database".
182 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40855 β€Ό

The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.

πŸ“– Read

via "National Vulnerability Database".
171 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46200 β€Ό

An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46307 β€Ό

An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35003 β€Ό

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.

πŸ“– Read

via "National Vulnerability Database".
150 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-35004 β€Ό

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656.

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46198 β€Ό

An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.

πŸ“– Read

via "National Vulnerability Database".
169 views