πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.9K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.9K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Vulnerable infrastructure operators are 'switching off' security to avoid downtime πŸ“’

Out-of-date systems are vulnerable to cyber attacks and lack purpose-built products to adequately protect them

πŸ“– Read

via "ITPro".
IT PRO
Vulnerable infrastructure operators are 'switching off' security to avoid downtime | IT PRO
Out-of-date systems are vulnerable to cyber attacks and lack purpose-built products to adequately protect them
108 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Recommendations for managing AI risks πŸ“’

Integrate your external AI tool findings into your broader security programs

πŸ“– Read

via "ITPro".
IT PRO
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programs
102 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Report: UK businesses are less secure when using police-endorsed cyber security tool πŸ“’

The cyber security researcher found the developer of the free software to be "incompetent" and the myriad flaws in the cyber crime-fighting monitoring tool left businesses more at risk of cyber attacks

πŸ“– Read

via "ITPro".
IT PRO
Report: UK businesses are less secure when using police-endorsed cyber security tool | IT PRO
The cyber security researcher found the developer of the free software to be "incompetent" and the myriad flaws in the cyber crime-fighting monitoring tool left businesses more at risk of cyber attacks
103 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ ConnectWise unveils new incident response service πŸ“’

New offering provides an β€œimmediate lifeline” to a team of cyber experts in the event of a security breach

πŸ“– Read

via "ITPro".
IT PRO
ConnectWise unveils new incident response service | IT PRO
New offering provides an β€œimmediate lifeline” to a team of cyber experts in the event of a security breach
104 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ REvil ransomware group's infrastructure comes back online hinting at fresh campaign πŸ“’

The ransomware gang's old deep web infrastructure is now redirecting to a new website with new victims

πŸ“– Read

via "ITPro".
IT PRO
REvil ransomware group's infrastructure comes back online hinting at fresh campaign | IT PRO
The ransomware gang's old deep web infrastructure is now redirecting to a new website with new victims
114 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ The Total Economic Impactβ„’ of Mimecast πŸ“’

Cost savings and business benefits enabled by using Mimecast with Microsoft 365

πŸ“– Read

via "ITPro".
ITPro
The Total Economic Impactβ„’ of Mimecast
Cost savings and business benefits enabled by using Mimecast with Microsoft 365
110 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ FBI warns Rust-based ransomware has breached over 60 organisations πŸ“’

The agency has issued an alert warning that the new ransomware has impacted at least 60 global organisations since last November

πŸ“– Read

via "ITPro".
IT PRO
FBI warns Rust-based ransomware has breached over 60 organisations | IT PRO
The agency has issued an alert warning that the new ransomware has impacted at least 60 global organisations since last November
114 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ BT and Toshiba address QKD concerns with new trial πŸ“’

The National Cyber Security Centre (NCSC) previously raised concerns of potential attacks

πŸ“– Read

via "ITPro".
IT PRO
BT and Toshiba address QKD concerns with new trial | IT PRO
The National Cyber Security Centre (NCSC) previously raised concerns of potential attacks
120 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Qualcomm and Mediatek flaws left millions of Android users at risk πŸ“’

An open source audio codec used by chipset firms is believed to have put two-thirds of Android users' private calls and files at risk

πŸ“– Read

via "ITPro".
IT PRO
Qualcomm and Mediatek flaws left millions of Android users at risk | IT PRO
An open source audio codec used by chipset firms is believed to have put two-thirds of Android users' private calls and files at risk
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ What is the LAPSUS$ group and who is behind the criminal operation? πŸ“’

The most prolific cyber criminals of 2022 have largely evaded identification for months despite being anything but secretive in the way they work

πŸ“– Read

via "ITPro".
IT PRO
What is the LAPSUS$ group and who is behind the criminal operation? | IT PRO
The most prolific cyber criminals of 2022 have largely evaded identification for months despite being anything but secretive in the way they work
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ GitHub issues final report on supply-chain source code intrusions ⚠

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

πŸ“– Read

via "Naked Security".
Naked Security
GitHub issues final report on supply-chain source code intrusions
Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-41948 β€Ό

A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-24900 β€Ό

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls.

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28452 β€Ό

Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.

πŸ“– Read

via "National Vulnerability Database".
223 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” Friday Five 4/29 πŸ”

Russia gets a taste of its own medicine, K-12 schools feeling the brunt of cyberattacks, and much moreβ€”catch up on these stories and more in this week’s Friday Five!

πŸ“– Read

via "".
πŸ‘1
237 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29935 β€Ό

USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.

πŸ“– Read

via "National Vulnerability Database".
211 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2021-43937 β€Ό

Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

πŸ“– Read

via "National Vulnerability Database".
207 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29937 β€Ό

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product.

πŸ“– Read

via "National Vulnerability Database".
183 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28994 β€Ό

Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.

πŸ“– Read

via "National Vulnerability Database".
147 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-1249 β€Ό

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

πŸ“– Read

via "National Vulnerability Database".
138 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-29451 β€Ό

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
136 views