🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
ATTENTION‼ New - CVE-2018-13983

ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.

via "National Vulnerability Database".
🕴 Microsoft Debuts ElectionGuard to Secure Voting Processes 🕴

The new software development kit - free and open source - will be available to election officials and technology suppliers this summer.

via "Dark Reading".
🕴 'Matrix'-Themed Ransomware Variant Spreads 🕴

MegaCortex uses a compromised domain controller in its attack.

via "Dark Reading".
🕴 Password Reuse, Misconfiguration Blamed for Repository Compromises 🕴

Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.

via "Dark Reading".
❌ WP Live Chat WordPress Plugin Re-Patches File Upload Flaw ❌

After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.

via "Threatpost".
🕴 Attackers Add a New Spin to Old Scams 🕴

Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.

via "Dark Reading".
ATTENTION‼ New - CVE-2017-18279

Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18278

An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18276

Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18275

A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18274

While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18173

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18157

A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18156

While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18131

In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-15841

When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.

via "National Vulnerability Database".
⚠ Weekly review – the hot 25 stories of last week ⚠

From malware-stuffed piracy apps to the Docker breach, get yourself up to date with everything we wrote last week - it's roundup time.

via "Naked Security".
⚠ Blockchain project settles cross-border payment ⚠

Singapore's central bank sent a payment to Canada using blockchain technology last week, in a clear signal that the technology has value.

via "Naked Security".
⚠ Dark web marketplace Wall Street Market busted by international police ⚠

It went down in flames, with a rogue admin blackmailing vendors and buyers and leaking login credentials and the IP address.

via "Naked Security".
⚠ Firefox add-ons with obfuscated code will be banned by Mozilla ⚠

The updated Add-on Policy aims to rid Firefox of third-party malicious code that hides what it's really up to.

via "Naked Security".
🕴 Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server 🕴

Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.

via "Dark Reading".