🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com

🕴 Nearly 40% of Macs Left Exposed to Two Zero-Day Exploits 🕴

Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.

via "Dark Reading".

‼ CVE-2022-26607 ‼

A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.

via "National Vulnerability Database".

‼ CVE-2022-26591 ‼

FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.

via "National Vulnerability Database".

‼ CVE-2022-26613 ‼

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.

via "National Vulnerability Database".

‼ CVE-2022-26605 ‼

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.

via "National Vulnerability Database".

🕴 Zoom's Bug Bounty Programs Soar to $1.8M 🕴

Like other software-reliant firms, the company raised its rewards to spur additional scrutiny by security researchers.

via "Dark Reading".

🕴 Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report" 🕴

Record-setting ransomware attacks, a shortage of skilled personnel, and low security awareness across the workforce cause headaches for IT security teams.

via "Dark Reading".

‼ CVE-2020-22253 ‼

Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.

via "National Vulnerability Database".

‼ CVE-2020-27374 ‼

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.

via "National Vulnerability Database".

‼ CVE-2022-27819 ‼

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).

via "National Vulnerability Database".

‼ CVE-2020-27376 ‼

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.

via "National Vulnerability Database".

‼ CVE-2020-27373 ‼

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.

via "National Vulnerability Database".

‼ CVE-2020-27375 ‼

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.

via "National Vulnerability Database".

‼ CVE-2022-27818 ‼

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.

via "National Vulnerability Database".

⚠ Serious Security: Darkweb drugs market Hydra taken offline by German police ⚠

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

via "Naked Security".

⚠ S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] ⚠

Latest episode - listen now! Cybersecurity news and advice in plain English.

via "Naked Security".

‼ CVE-2021-46416 ‼

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.

via "National Vulnerability Database".

‼ CVE-2022-23900 ‼

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.

via "National Vulnerability Database".

‼ CVE-2021-46417 ‼

Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.

via "National Vulnerability Database".

❌ MacOS Malware: Myth vs. Truth – Podcast ❌

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

via "Threat Post".

🗓️ Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research 🗓️

Queue poisoning attacks allegedly put accounts at risk of takeover

via "The Daily Swig".