πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44040 β€Ό

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.

πŸ“– Read

via "National Vulnerability Database".
220 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0862 β€Ό

A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-0859 β€Ό

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.

πŸ“– Read

via "National Vulnerability Database".
254 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Web vendor CafePress fined $500,000 for giving cybersecurity a low value ⚠

Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations

πŸ“– Read

via "Naked Security".
Sophos News
Naked Security – Sophos News
265 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ DeadBolt Ransomware Resurfaces to Hit QNAP Again ❌

A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.

πŸ“– Read

via "Threat Post".
Threat Post
DeadBolt Ransomware Resurfaces to Hit QNAP Again
A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.
260 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Cyber Insurance and War Exclusions πŸ•΄

Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine.

πŸ“– Read

via "Dark Reading".
Dark Reading
Cyber Insurance and War Exclusions
Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine.
274 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Could Gaming Close the Cyberskills Gap? πŸ•΄

The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.

πŸ“– Read

via "Dark Reading".
Dark Reading
Could Gaming Close the Cyberskills Gap?
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.
300 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Serious Security: DEADBOLT – the ransomware that goes straight for for your backups ⚠

Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.

πŸ“– Read

via "Naked Security".
Naked Security
Serious Security: DEADBOLT – the ransomware that goes straight for your backups
Some tips on how to keep your network safe – even (or perhaps especially!) if you think you’re safe already.
293 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43736 β€Ό

CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule

πŸ“– Read

via "National Vulnerability Database".
273 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43738 β€Ό

An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account.

πŸ“– Read

via "National Vulnerability Database".
261 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-22316 β€Ό

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.

πŸ“– Read

via "National Vulnerability Database".
264 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-44139 β€Ό

Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).

πŸ“– Read

via "National Vulnerability Database".
251 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43737 β€Ό

An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password.

πŸ“– Read

via "National Vulnerability Database".
258 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43735 β€Ό

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.

πŸ“– Read

via "National Vulnerability Database".
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-23242 β€Ό

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.

πŸ“– Read

via "National Vulnerability Database".
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Cybercrime Cost U.S. $6.9 Billion in 2021 πŸ”

The FBI's annual look at phishing, scam, and personal data breach statistics is out.

πŸ“– Read

via "".
Digital Guardian
Cybercrime Cost U.S. $6.9 Billion in 2021
The FBI's annual look at phishing, scam, and personal data breach statistics is out.
305 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Okta Says 366 Customers Impacted via Third-Party Breach πŸ•΄

Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor.

πŸ“– Read

via "Dark Reading".
Dark Reading
Okta Says 366 Customers Impacted via Third-Party Breach
Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor.
313 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021 πŸ•΄

The Internet Crime Complaint Center fielded 847,376 cybercrime reports last year, an increase of 7% from 2020.

πŸ“– Read

via "Dark Reading".
Dark Reading
FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021
The Internet Crime Complaint Center fielded 847,376 cybercrime reports last year, an increase of 7% from 2020.
297 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-38278 β€Ό

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.

πŸ“– Read

via "National Vulnerability Database".
277 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-46064 β€Ό

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.

πŸ“– Read

via "National Vulnerability Database".
282 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-26243 β€Ό

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.

πŸ“– Read

via "National Vulnerability Database".
270 views