πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44382 β€Ό

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability.

πŸ“– Read

via "National Vulnerability Database".
307 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Coronavirus SMS scam offers home PCR testing devices – don’t fall for it! ⚠

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

πŸ“– Read

via "Naked Security".
Naked Security
Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!
Free home PCR devices would be technological marvels, and really useful, too. But there aren’t any…
349 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Podcast transcript: Inside the DDoS arms race πŸ“’

Read the full transcript for this episode of the IT Pro Podcast

πŸ“– Read

via "ITPro".
IT PRO
Podcast transcript: Inside the DDoS arms race | IT PRO
Read the full transcript for this episode of the IT Pro Podcast
334 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ The IT Pro Podcast: Inside the DDoS arms race πŸ“’

They’re still among the most common cyber attacks - but what makes DDoS so popular?

πŸ“– Read

via "ITPro".
IT PRO
The IT Pro Podcast: Inside the DDoS arms race | IT PRO
They’re still among the most common cyber attacks - but what makes DDoS so popular?
433 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Report: IT staff fail phishing tests more often than non-technical workers πŸ“’

Results show DevOps workers consistently rank among the most likely to fail a cyber security exercise

πŸ“– Read

via "ITPro".
IT PRO
Report: IT staff fail phishing tests more often than non-technical workers | IT PRO
Results show DevOps workers consistently rank among the most likely to fail a cyber security exercise
480 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24122 β€Ό

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.

πŸ“– Read

via "National Vulnerability Database".
447 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams β™ŸοΈ

Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars. Bernard's latest victim -- a Norwegian startup hoping to build a fleet of environmentally friendly shipping vessels -- is now embroiled in a lawsuit over a deal gone bad, in which Bernard falsely claimed to have secured $100 million from six other wealthy investors, including the founder of Uber and the artist Abel Makkonen Tesfaye, better known as The Weeknd.

πŸ“– Read

via "Krebs on Security".
Krebsonsecurity
Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams
Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars. Bernard's latest victim -- a Norwegian startup…
458 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46660 β€Ό

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.

πŸ“– Read

via "National Vulnerability Database".
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46659 β€Ό

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

πŸ“– Read

via "National Vulnerability Database".
329 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46658 β€Ό

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.

πŸ“– Read

via "National Vulnerability Database".
361 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46657 β€Ό

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

πŸ“– Read

via "National Vulnerability Database".
435 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24123 β€Ό

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.

πŸ“– Read

via "National Vulnerability Database".
467 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24124 β€Ό

The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.

πŸ“– Read

via "National Vulnerability Database".
504 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0273 β€Ό

Improper Access Control in Pypi calibreweb prior to 0.6.16.

πŸ“– Read

via "National Vulnerability Database".
456 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0339 β€Ό

Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.

πŸ“– Read

via "National Vulnerability Database".
πŸ”₯1
516 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0407 β€Ό

Heap-based Buffer Overflow in Conda vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
549 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0408 β€Ό

Stack-based Buffer Overflow in Conda vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
508 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0413 β€Ό

Use After Free in Conda vim prior to 8.2.

πŸ“– Read

via "National Vulnerability Database".
518 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-23520 β€Ό

The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object.

πŸ“– Read

via "National Vulnerability Database".
459 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0414 β€Ό

Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0.

πŸ“– Read

via "National Vulnerability Database".
444 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-23521 β€Ό

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.

πŸ“– Read

via "National Vulnerability Database".
409 views