πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46387 β€Ό

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.

πŸ“– Read

via "National Vulnerability Database".
318 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Daxin Espionage Backdoor Ups the Ante on Chinese Malware ❌

Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet.

πŸ“– Read

via "Threat Post".
Threat Post
Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet.
313 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-4925 β€Ό

A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests. IBM X-Force ID: 191599.

πŸ“– Read

via "National Vulnerability Database".
281 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38986 β€Ό

IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.

πŸ“– Read

via "National Vulnerability Database".
262 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23387 β€Ό

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.

πŸ“– Read

via "National Vulnerability Database".
250 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36166 β€Ό

An improper authentication vulnerabilityΓ‚ inΓ‚ FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.

πŸ“– Read

via "National Vulnerability Database".
248 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-36171 β€Ό

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.

πŸ“– Read

via "National Vulnerability Database".
271 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22321 β€Ό

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368.

πŸ“– Read

via "National Vulnerability Database".
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38955 β€Ό

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.

πŸ“– Read

via "National Vulnerability Database".
282 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β™ŸοΈ Conti Ransomware Group Diaries, Part I: Evasion β™ŸοΈ

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse into the challenges of running a sprawling criminal enterprise with more than 100 salaried employees. The records also provide insight into how Conti has dealt with its own internal breaches and attacks from private security firms and foreign governments.

πŸ“– Read

via "Krebs on Security".
Krebs on Security
Conti Ransomware Group Diaries, Part I: Evasion
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million…
281 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ What Do I Need to Know for SaaS Security? πŸ•΄

Most importantly, someone needs to step forward and take it on as their job.

πŸ“– Read

via "Dark Reading".
Dark Reading
What Do I Need to Know for SaaS Security?
Most importantly, someone needs to step forward and take it on as their job.
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43075 β€Ό

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.

πŸ“– Read

via "National Vulnerability Database".
218 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-32586 β€Ό

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

πŸ“– Read

via "National Vulnerability Database".
216 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-15936 β€Ό

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

πŸ“– Read

via "National Vulnerability Database".
207 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24718 β€Ό

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the `svg` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.4.

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24717 β€Ό

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the `redirect.link` property as an argument to the `build(MessagePageOptions)` function. While there is no known workaround at this time, there is a patch in version 0.1.5.

πŸ“– Read

via "National Vulnerability Database".
224 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-41193 β€Ό

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22300 β€Ό

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.

πŸ“– Read

via "National Vulnerability Database".
268 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43077 β€Ό

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.

πŸ“– Read

via "National Vulnerability Database".
288 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now! ❌

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.

πŸ“– Read

via "Threat Post".
Threat Post
RCE Bugs in Hugely Popular VoIP Apps: Patch Now!
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.
383 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ IRONSCALES Expands Product Offering Across Email, Communication Platforms πŸ•΄

New solutions protect customers from expanding threats to cybersecurity landscape.

πŸ“– Read

via "Dark Reading".
Dark Reading
IRONSCALES Expands Product Offering Across Email, Communication Platforms
New solutions protect customers from expanding threats to cybersecurity landscape.
334 views