πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46553 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
115 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46527 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c.

πŸ“– Read

via "National Vulnerability Database".
117 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46542 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
124 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46537 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46550 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
131 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46543 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46534 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
146 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46544 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS).

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46526 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c.

πŸ“– Read

via "National Vulnerability Database".
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46521 β€Ό

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.

πŸ“– Read

via "National Vulnerability Database".
186 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Phishing Simulation Study Shows Why These Attacks Remain Pervasive πŸ•΄

E-mail purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.

πŸ“– Read

via "Dark Reading".
Dark Reading
Phishing Simulation Study Shows Why These Attacks Remain Pervasive
Email purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ NCSC project will help UK businesses identify security vulnerabilities πŸ“’

The scripts will be developed and reviewed regularly to target the most pervasive issues in enterprise security

πŸ“– Read

via "ITPro".
IT PRO
NCSC project will help UK businesses identify security vulnerabilities | IT PRO
The scripts will be developed and reviewed regularly to target the most pervasive issues in enterprise security
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Vodafone: Personal data might become new currency by 2030 πŸ“’

Businesses will be forced to provide customers with a better experience in exchange for personal data in order to retain them

πŸ“– Read

via "ITPro".
IT PRO
Vodafone: Personal data might become new currency by 2030 | IT PRO
Businesses will be forced to provide customers with a better experience in exchange for personal data in order to retain them
242 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Apple fixes array of iOS, macOS zero-days and code execution security flaws πŸ“’

The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of devices

πŸ“– Read

via "ITPro".
ITPro
Apple fixes array of iOS, macOS zero-days and code execution security flaws
The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of devices
350 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ 12-year-old Linux root privilege flaw has been "hiding in plain sight" πŸ“’

Researchers were quick to highlight how easy it was to exploit the vulnerability, recommending urgent patches

πŸ“– Read

via "ITPro".
IT PRO
12-year-old Linux root privilege flaw has been "hiding in plain sight" | IT PRO
Researchers were quick to highlight how easy it was to exploit the vulnerability, recommending urgent patches
474 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-21719 β€Ό

GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.

πŸ“– Read

via "National Vulnerability Database".
355 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ Privacy slalom: Human rights, media orgs offer OPSEC warning to Winter Olympics attendees πŸ—“οΈ

Behind the spectacle of Beijing 2022, visitors’ digital freedoms may be left out in the cold

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Privacy slalom: Human rights, media orgs offer OPSEC warning to Winter Olympics attendees
Behind the spectacle of Beijing 2022, visitors’ digital freedoms may be left out in the cold
354 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28885 β€Ό

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.

πŸ“– Read

via "National Vulnerability Database".
263 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-28884 β€Ό

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.

πŸ“– Read

via "National Vulnerability Database".
256 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-21720 β€Ό

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
247 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24071 β€Ό

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.

πŸ“– Read

via "National Vulnerability Database".
215 views