🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing 🕴

Investor participation from prior round demonstrates confidence in the company's current and future performance.

via "Dark Reading".
⚠ Chrome and Edge fix zero-day security hole – update now! ⚠

This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.

via "Naked Security".
🕴 The 3 Fundamentals of Building an Effective IoMT Security Strategy 🕴

The high stakes and unique priorities for Internet of Medical Things devices require specialized cybersecurity strategies.

via "Dark Reading".
🕴 Internet Security & Encryption Pioneer Peter Eckersley Passes at 43 🕴

The founder of Let's Encrypt and an EFF technologist, Eckersley devoted his life's work to making the Internet safer and more secure.

via "Dark Reading".
‼ CVE-2022-40111 ‼

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128, the root credential is hardcoded in the firmware's shadow.sample file.

via "National Vulnerability Database".
‼ CVE-2022-37841 ‼

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard-coded password for root in /etc/shadow.sample.

via "National Vulnerability Database".
‼ CVE-2022-37839 ‼

TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.

via "National Vulnerability Database".
‼ CVE-2022-36584 ‼

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf.

via "National Vulnerability Database".
‼ CVE-2022-40110 ‼

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.

via "National Vulnerability Database".
‼ CVE-2022-26114 ‼

An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.

via "National Vulnerability Database".
‼ CVE-2022-37842 ‼

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.

via "National Vulnerability Database".
‼ CVE-2021-43076 ‼

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.

via "National Vulnerability Database".
‼ CVE-2022-37840 ‼

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-40112 ‼

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via the hostname parameter in the binary /bin/boa.

via "National Vulnerability Database".
‼ CVE-2022-37843 ‼

In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.

via "National Vulnerability Database".
‼ CVE-2022-40109 ‼

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.

via "National Vulnerability Database".
‼ CVE-2021-43080 ‼

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.

via "National Vulnerability Database".
‼ CVE-2022-31020 ‼

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.

via "National Vulnerability Database".
🕴 Name That Edge Toon: Mime's the Word 🕴

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

via "Dark Reading".
🕴 As LA Unified Battles Ransomware, CISA Warns About Back-to-School Attacks 🕴

Hours after the Los Angeles Unified School District was hit with a ransomware attack, CISA issued an alert that threat actors are actively targeting the education sector.

via "Dark Reading".
‼ CVE-2022-26455 ‼

In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858; Issue ID: ALPS07177858.

via "National Vulnerability Database".