πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-42791 β€Ό

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.

πŸ“– Read

via "National Vulnerability Database".
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ US government’s β€˜zero trust’ roadmap calls time on perimeter-based paradigm πŸ—“οΈ

Federal agencies have a little over two years to fundamentally remodel cyber defenses

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US government’s β€˜zero trust’ roadmap calls time on perimeter-based paradigm
Federal agencies have a little over two years to fundamentally remodel cyber defenses
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Happy Data Privacy Day – and we really do mean β€œhappy” :-) ⚠

We give you some simple digital lifesytle tips that cost nothing.

πŸ“– Read

via "Naked Security".
Naked Security
Happy Data Privacy Day – and we really do mean β€œhappy” :-)
We give you some simple digital lifesytle tips that cost nothing.
239 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Zerodium Spikes Payout for Zero-Click Outlook Zero-Days ❌

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

πŸ“– Read

via "Threat Post".
Threat Post
Zerodium Spikes Payout for Zero-Click Outlook Zero-Days
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23098 β€Ό

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

πŸ“– Read

via "National Vulnerability Database".
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44249 β€Ό

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.

πŸ“– Read

via "National Vulnerability Database".
199 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23863 β€Ό

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.

πŸ“– Read

via "National Vulnerability Database".
192 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23097 β€Ό

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-45435 β€Ό

An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.

πŸ“– Read

via "National Vulnerability Database".
190 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-25905 β€Ό

An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23096 β€Ό

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January 🦿

The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.

πŸ“– Read

via "Tech Republic".
TechRepublic
Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January
The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.
226 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ The Looming CISO Mental Health Crisis β€” and What to Do About It, Part 1 πŸ•΄

The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.

πŸ“– Read

via "Dark Reading".
Dark Reading
The Looming CISO Mental Health Crisis β€” and What to Do About It, Part 1
The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.
209 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-34073 β€Ό

A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.

πŸ“– Read

via "National Vulnerability Database".
195 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22294 β€Ό

A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.

πŸ“– Read

via "National Vulnerability Database".
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-45898 β€Ό

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-45897 β€Ό

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.

πŸ“– Read

via "National Vulnerability Database".
159 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40395 β€Ό

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“– Read

via "National Vulnerability Database".
173 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-45899 β€Ό

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 1/28 πŸ”

The Linux PolicyKit bug, $770 million lost in social media scams, and more - catch up on the infosec news of the week with the Friday Five!

πŸ“– Read

via "".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40423 β€Ό

A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
180 views