🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 ByteChek Founder AJ Yawn Brings Discipline to Everything He Does 🕴

Security Pro File: The former Army captain, whose security startup is on an upward trajectory, works hard to "make compliance suck less."

📖 Read

via "Dark Reading".
⚠ S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] ⚠

Latest episode - listen now! Cybersecurity news and advice in plain English.

📖 Read

via "Naked Security".
⚠ Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now! ⚠

A rogue line-continuation character can trick the code into validating just the second half of the line, but executing all of it.

📖 Read

via "Naked Security".
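The mechanism the blurb above describes, a check that validates only one line of a value while the interpreter executes all of it, as an added Ruby illustration; this is not the toolkit's code or its patch, and the "line spec" format (`"3..7"` or `"5"`), the function names, the patterns and the use of a newline as the smuggled character are assumptions made for the example. The weak pattern anchors with `^` and `$`, which in Ruby match at line boundaries, so a second line that looks like a range satisfies the check while `eval` also runs the first line. The hardened version anchors to the whole string with `\A` and `\z` and builds the range from captured digits instead of evaluating the input.

```ruby
# Illustration of the validate-one-line / execute-all-lines bug class.
# This is an added example, not the Asciidoc toolkit's code; the "line spec"
# format ("3..7" or "5"), the function names and the patterns are assumptions.

# In Ruby, ^ and $ match at the start/end of ANY line inside the string,
# so this pattern is satisfied as long as one line looks like a range.
WEAK_RANGE_PATTERN = /^\d+(\.\.\d+)?$/

# \A and \z anchor to the start and end of the whole string, so a newline
# anywhere in the value makes the match fail.
STRICT_RANGE_PATTERN = /\A(\d+)(?:\.\.(\d+))?\z/

# Vulnerable: the check looks at one line, eval runs every line.
def weak_parse_range(spec)
  unless spec.match?(WEAK_RANGE_PATTERN)
    raise ArgumentError, "bad line spec: #{spec.inspect}"
  end
  eval(spec) # executes every line of spec, including the one nobody validated
end

# Hardened: whole-string anchors AND no eval; the Range is built from the
# captured digits, so there is nothing to smuggle past the check.
def strict_parse_range(spec)
  m = spec.match(STRICT_RANGE_PATTERN)
  raise ArgumentError, "bad line spec: #{spec.inspect}" unless m
  first = Integer(m[1])
  last  = m[2] ? Integer(m[2]) : first
  first..last
end

# Constructed attacker value: the first line is arbitrary Ruby (here it only
# sets a global so the effect is observable), the second line is the
# innocent-looking range that satisfies the weak check.
PAYLOAD = "$injected = true\n3..7"

# Runs both parsers against a benign spec and the payload and reports the outcome.
def demo
  $injected = false
  weak_result = weak_parse_range(PAYLOAD) # returns 3..7, but line 1 ran as well
  weak_ran_injected_code = $injected

  strict_rejected =
    begin
      strict_parse_range(PAYLOAD)
      false
    rescue ArgumentError
      true
    end

  {
    benign_weak: weak_parse_range("3..7"),
    benign_strict: strict_parse_range("3..7"),
    weak_result_on_payload: weak_result,
    weak_ran_injected_code: weak_ran_injected_code,
    strict_rejected_payload: strict_rejected
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Run it with `ruby` and the hash shows the weak parser returning the expected `3..7` for the payload while `weak_ran_injected_code` is `true`; the strict parser rejects the same value outright. Replacing `^`/`$` with `\A`/`\z` alone would close this hole, but removing `eval` removes the entire class of bug.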
❌ Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’ ❌

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.

📖 Read

via "Threat Post".
‼ CVE-2021-41715 ‼

libsixel 1.10.0 is vulnerable to a use-after-free in libsixel/src/dither.c:379.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27044 ‼

libsixel 1.8.6 is affected by a buffer overflow in libsixel/src/quant.c:876.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27046 ‼

libsixel 1.8.6 suffers from a heap use-after-free vulnerability in libsixel/src/dither.c:388.

📖 Read

via "National Vulnerability Database".
🛠 OpenSSH 9.0p1 🛠

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

📖 Read

via "Packet Storm Security".
πŸ‘1
‼ CVE-2021-40656 ‼

libsixel before 1.10 is vulnerable to a buffer overflow in libsixel/src/quant.c:867.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22339 ‼

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27148 ‼

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to an integer overflow.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27147 ‼

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27047 ‼

mogu_blog_cms 5.2 allows arbitrary file upload without any restriction.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27146 ‼

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-4668 ‼

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.

📖 Read

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2021-43521 ‼

A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43515 ‼

A CSV Injection vulnerability exists in Kimai 2 > 1.14 via the description field of a new timesheet.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43483 ‼

An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27145 ‼

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-43517 ‼

FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens a Telnet port when a special command is sent to port 9530.

📖 Read

via "National Vulnerability Database".
🕴 Software-as-a-Service Rules the Cloud 🕴

Half of the IT professionals surveyed who use cloud services also employ infrastructure-as-a-service and platform-as-a-service.

📖 Read

via "Dark Reading".
πŸ‘1