🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-32394 ‼

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3

via "National Vulnerability Database".
‼ CVE-2022-32397 ‼

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4

via "National Vulnerability Database".
‼ CVE-2022-32403 ‼

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4

via "National Vulnerability Database".
‼ CVE-2022-32405 ‼

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4

via "National Vulnerability Database".
‼ CVE-2022-32395 ‼

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4

via "National Vulnerability Database".
❌ Google Warns Spyware Being Deployed Against Android, iOS Users ❌

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

via "Threat Post".
🗓️ BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker 🗓️

Fury among online community over decision to include presenter

via "The Daily Swig".
🕴 Without Conti On The Scene, LockBit 2.0 Leads Ransomware Attacks 🕴

Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

via "Dark Reading".
🕴 The Cybersecurity Talent Shortage Is a Myth 🕴

We have a tech innovation problem, not a staff retention (or recruitment) problem.

via "Dark Reading".
⚠ S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript] ⚠

Latest epsiode - listen (or read) now!

via "Naked Security".
🕴 7 Steps to Stronger SaaS Security 🕴

Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.

via "Dark Reading".
‼ CVE-2022-32530 ‼

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)

via "National Vulnerability Database".
‼ CVE-2021-41637 ‼

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.

via "National Vulnerability Database".
‼ CVE-2021-41636 ‼

MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply.

via "National Vulnerability Database".
‼ CVE-2021-41634 ‼

A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.

via "National Vulnerability Database".
‼ CVE-2021-41638 ‼

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username.

via "National Vulnerability Database".
‼ CVE-2021-41639 ‼

MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file.

via "National Vulnerability Database".
‼ CVE-2021-41635 ‼

When installed as a Windows service, MELAG FTP Server 2.2.0.4 is run as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.

via "National Vulnerability Database".
⚠ OpenSSL issues a bugfix for the previous bugfix ⚠

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

via "Naked Security".
Friday Five 6/24

Read about how daycare apps may be putting your security at risk, why to double-check before ordering your COVID-19 test, the newest cybersecurity legislation signed into law, and more in this week's Friday Five!


via "".
‼ CVE-2022-2104 ‼

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).

via "National Vulnerability Database".