πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

πŸ“– Read

via "National Vulnerability Database".
75 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-4082

A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.

πŸ“– Read

via "National Vulnerability Database".
76 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.

πŸ“– Read

via "National Vulnerability Database".
68 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3632

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

πŸ“– Read

via "National Vulnerability Database".
57 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.

πŸ“– Read

via "National Vulnerability Database".
58 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3630

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.

πŸ“– Read

via "National Vulnerability Database".
55 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3624

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

πŸ“– Read

via "National Vulnerability Database".
56 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3617

Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

πŸ“– Read

via "National Vulnerability Database".
59 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3609

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

πŸ“– Read

via "National Vulnerability Database".
61 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3606

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

πŸ“– Read

via "National Vulnerability Database".
72 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
ATENTIONβ€Ό New - CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.

πŸ“– Read

via "National Vulnerability Database".
73 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Sir Tim Berners-Lee publishes plan to save the web from β€˜digital dystopia’ ⚠

Web inventor Sir Tim Berners-Lee has proposed a 'Contract for the Web' to rescue it from a headlong plunge into a moral abyss.

πŸ“– Read

via "Naked Security".
Naked Security
Sir Tim Berners-Lee publishes plan to save the web from β€˜digital dystopia’
Web inventor Sir Tim Berners-Lee has proposed a β€˜Contract for the Web’ to rescue it from a headlong plunge into a moral abyss.
69 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Black Friday Shoppers Targeted By Scams and Fake Domains ❌

Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.

πŸ“– Read

via "Threatpost".
Threat Post
Black Friday Shoppers Targeted By Scams and Fake Domains
Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.
65 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ National Veterinary Associates catches dose of ransomware ⚠

Ransomware attacks don't discriminate - and are just as happy targeting those with four legs as those with two.

πŸ“– Read

via "Naked Security".
Naked Security
National Veterinary Associates catches dose of ransomware
Ransomware attacks don’t discriminate – and are just as happy targeting those with four legs as those with two.
63 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Court says suspect can’t be forced to reveal 64-character password ⚠

We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.

πŸ“– Read

via "Naked Security".
Naked Security
Court says suspect can’t be forced to reveal 64-character password
We have to protect the constitutional rights of the innocent, and that can mean shielding guilty-as-hell child abusers, the court said.
67 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Parents say creep hacked their baby monitor to tell toddler they β€˜love’ her ⚠

The Taococo FREDI baby monitor has repeatedly been criticized for being easy to hack.

πŸ“– Read

via "Naked Security".
Naked Security
Parents say creep hacked their baby monitor to tell toddler they β€˜love’ her
The Taococo FREDI baby monitor has repeatedly been criticized for being easy to hack.
65 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ Naked Security needs an intern! Here’s how to apply ⚠

Naked Security is looking for a content marketing intern to join the team for 12 months in 2020.

πŸ“– Read

via "Naked Security".
Naked Security
Naked Security needs an intern! Here’s how to apply
Naked Security is looking for a content marketing intern to join the team for 12 months in 2020.
57 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ” How scammers use Black Friday to target consumers πŸ”

Holiday shopping scams try to bait consumers with special giveaways, giftcards, discounts, and coupons, according to a new report from cyber security company ZeroFOX.

πŸ“– Read

via "Security on TechRepublic".
TechRepublic
How scammers use Black Friday to target consumers
Holiday shopping scams try to bait consumers with special giveaways, giftcards, discounts, and coupons, according to a new report from cyber security company ZeroFOX.
60 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΅ NordPass – Password Manager Review πŸ•΅


πŸ“– Read

via "VPNpro".
VPNpro
NordPass Password Manager Review – Should You Get It? | VPNpro
Should you get NordPass password manager? Should it be Free or Premium version? Cybersecurity experts answer this in our NordPass review.
57 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ 5 Ways to Champion and Increase Your 2020 Security Budget πŸ•΄

Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.

πŸ“– Read

via "Dark Reading: ".
Dark Reading
5 Ways to Champion and Increase Your 2020 Security Budget
Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.
60 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
❌ Managing the Human Security Factor in the Age of Ransomware ❌

Convincing employees to take security seriously takes more than awareness campaigns.

πŸ“– Read

via "Threatpost".
Threat Post
Managing the Human Security Factor in the Age of Ransomware
Convincing employees to take security seriously takes more than awareness campaigns.
61 views