🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
🛠 I2P 1.8.0 🛠

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

📖 Read

via "Packet Storm Security".
Packetstormsecurity
I2P 1.8.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
209 views
🛡 Cybersecurity & Privacy 🛡 - News
🛠 TP-Link Backup Decryption Utility 🛠

This is a small tool written to help decrypt encrypted TP-Link backups.

📖 Read

via "Packet Storm Security".
Packetstormsecurity
TP-Link Backup Decryption Utility ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
221 views
🛡 Cybersecurity & Privacy 🛡 - News
🛠 Deliverance 0.018-daf9452 File Descriptor Fuzzer 🛠

Deliverance is a file descriptor fuzzer written in bash. It injects random data into file descriptors of pids associated with a process until the program crashes, then outputs the results of what caused the crash. It leaves behind files that were used as input for the last 2 minutes before the fault, useful for reproduction.

📖 Read

via "Packet Storm Security".
Packetstormsecurity
Deliverance 0.018-daf9452 File Descriptor Fuzzer ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
207 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 Strong Password Policy Isn't Enough, Study Shows 🕴

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

📖 Read

via "Dark Reading".
Dark Reading
Strong Password Policy Isn't Enough, Study Shows
New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.
196 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 XM Cyber Adds New Security Capability for Microsoft Active Directory 🕴

Company to debut its AD capabilities at the 2022 RSA Conference.

📖 Read

via "Dark Reading".
Dark Reading
XM Cyber Adds New Security Capability for Microsoft Active Directory
Company to debut its AD capabilities at the 2022 RSA Conference.
191 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22309 ‼

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.

📖 Read

via "National Vulnerability Database".
170 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-4926 ‼

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.

📖 Read

via "National Vulnerability Database".
160 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-4229 ‼

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

📖 Read

via "National Vulnerability Database".
151 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-29249 ‼

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.

📖 Read

via "National Vulnerability Database".
148 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-22495 ‼

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941.

📖 Read

via "National Vulnerability Database".
149 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2013-10004 ‼

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

📖 Read

via "National Vulnerability Database".
153 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-4230 ‼

A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without proper authentication. It is recommended to the change the configuration settings.

📖 Read

via "National Vulnerability Database".
155 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-1849 ‼

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.

📖 Read

via "National Vulnerability Database".
157 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2013-10003 ‼

A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

📖 Read

via "National Vulnerability Database".
173 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2013-10002 ‼

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

📖 Read

via "National Vulnerability Database".
204 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2014-125001 ‼

A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.

📖 Read

via "National Vulnerability Database".
226 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 New Connecticut Privacy Law Makes Path to Compliance More Complex 🕴

As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.

📖 Read

via "Dark Reading".
Dark Reading
New Connecticut Privacy Law Makes Path to Compliance More Complex
As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.
213 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42612 ‼

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

📖 Read

via "National Vulnerability Database".
202 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-3597 ‼

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

📖 Read

via "National Vulnerability Database".
176 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42613 ‼

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

📖 Read

via "National Vulnerability Database".
143 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2022-1669 ‼

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.

📖 Read

via "National Vulnerability Database".
141 views