πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Most Orgs Would Take Security Bugs Over Ethical Hacking Help ❌

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old "security by obscurity" ways.

πŸ“– Read

via "Threat Post".
Threat Post
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old "security by obscurity" ways.
324 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ—“οΈ RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI πŸ—“οΈ

Agency issues mitigation advice to help organizations tighten network defenses

πŸ“– Read

via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RagnarLocker ransomware struck 52 critical infrastructure entities within two years – FBI
Agency issues mitigation advice to help organizations tighten network defenses
πŸ‘1
313 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast] ⚠

Latest episode - listen now!

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
Latest episode – listen now!
293 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0905 β€Ό

Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

πŸ“– Read

via "National Vulnerability Database".
275 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0906 β€Ό

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.

πŸ“– Read

via "National Vulnerability Database".
272 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ›  Falco 0.31.1 πŸ› 

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

πŸ“– Read

via "Packet Storm Security".
Packetstormsecurity
Falco 0.31.1 β‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
292 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance πŸ•΄

While cyber insurance will continue to exist, it will cost more and cover less β€” and that's changing the risk your company faces.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance
While cyber insurance will continue to exist, it will cost more and cover less β€” and that's changing the risk your company faces.
269 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0725 β€Ό

A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
221 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43970 β€Ό

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
203 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-34122 β€Ό

The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.

πŸ“– Read

via "National Vulnerability Database".
166 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-14112 β€Ό

Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000.

πŸ“– Read

via "National Vulnerability Database".
149 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44750 β€Ό

An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.

πŸ“– Read

via "National Vulnerability Database".
142 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44421 β€Ό

The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a confused deputy that allows a local attacker to access unauthorized information via side-channel analysis.

πŸ“– Read

via "National Vulnerability Database".
140 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2020-14115 β€Ό

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.

πŸ“– Read

via "National Vulnerability Database".
135 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40048 β€Ό

There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.

πŸ“– Read

via "National Vulnerability Database".
133 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-20049 β€Ό

In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679.

πŸ“– Read

via "National Vulnerability Database".
127 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40057 β€Ό

There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

πŸ“– Read

via "National Vulnerability Database".
122 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24193 β€Ό

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.

πŸ“– Read

via "National Vulnerability Database".
113 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40054 β€Ό

There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.

πŸ“– Read

via "National Vulnerability Database".
116 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44628 β€Ό

A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

πŸ“– Read

via "National Vulnerability Database".
118 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-40059 β€Ό

There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.

πŸ“– Read

via "National Vulnerability Database".
114 views