685 matches found

The Hacker News
added 2019/04/11 3:50 p.m. (1 view)

Popular Video Editing Software Website Hacked to Spread Banking Trojan

If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video...

AI score 7
Exploits 0

The Hacker News
added 2019/04/11 3:50 p.m. (65 views)

Popular Video Editing Software Website Hacked to Spread Banking Trojan

If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video...

AI score 1
Exploits 0

CERT
added 2019/04/08 12:0 a.m. (34 views)

MyCar Controls uses hard-coded credentials

Overview: The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contain hard-coded admin credentials. Description: MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar adds smartphone-controlled geolocation, remote start/stop...

CVSS 10 | AI score 8 | EPSS 0.09171
Exploits 0 | References 4

Tenable Nessus
added 2019/04/03 12:0 a.m. (30 views)

FreeBSD : Gitlab -- Multiple vulnerabilities (da459dbc-5586-11e9-abd6-001b217b3468)

Gitlab reports : DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control 'move issue' Guest users of private projects have access to releases DoS potential on project languages page Recuri...

CVSS 8.8 | AI score 7.7 | EPSS 0.43031
Exploits 10 | References 14

FreeBSD
added 2019/04/01 12:0 a.m. (36 views)

Gitlab -- Multiple vulnerabilities

Gitlab reports: DoS potential for regex in CI/CD refs Related branches visible in issues for guests Persistent XSS at merge request resolve conflicts Improper authorization control "move issue" Guest users of private projects have access to releases DoS potential on project languages page Recurit...

CVSS 8.8 | AI score 1.2 | EPSS 0.43031
Exploits 10 | References 1

Malwarebytes
added 2019/03/27 4:0 p.m. (48 views)

Location data leaks from family tracking app database

An app called Family Locator, which allows family members to keep track of one another recently experienced an exposed database issue of the worst kind. Specifically: the MongoDB database was left exposed with no password, like so many other recent infosec tales of woe. The end result is the...

AI score 7
Exploits 0

Kitploit
added 2019/03/24 8:32 p.m. (159 views)

Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...

AI score 7.2
Exploits 0 | References 2

Packet Storm
added 2019/03/05 12:0 a.m. (46 views)

vBulletin 4.2.5 Member Map 1.1.2 Open Redirection

Exploit Title : vBulletin 4.2.5 Member Map 1.1.2 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/03/2019 Vendor Homepage : vbulletin.com dragonbyte-tech.com Software Information Link : dragonbyte-tech.com/store/member-map.229/ Software Affect...

Exploits 0

Github Security Blog
added 2019/02/18 11:44 p.m. (18 views)

ipip-coffee downloads Resources over HTTP

Affected versions of ipip-coffee insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions by an...

CVSS 8.1 | AI score 7.7 | EPSS 0.00163
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:44 p.m. (12 views)

GHSA-M8PW-H8QJ-RGJ9 ipip-coffee downloads Resources over HTTP

Affected versions of ipip-coffee insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions by an...

CVSS 8.1 | AI score 7.9 | EPSS 0.00163
Exploits 0 | References 3

ThreatPost
added 2019/01/11 9:58 p.m. (11 views)

Pre-Installed Android App Impacts Millions with Slew of Malicious Activity

A pre-installed Android application on Alcatel smartphones has been found surreptitiously siphoning off geolocation data, email addresses and phone identification numbers and sending the data to a server in China. Analysts with Upstream’s Secure-D platform said that the app, Weather Forecast—Worl...

AI score 0.2
Exploits 0 | References 2

ThreatPost
added 2019/01/04 7:54 p.m. (10 views)

Weather Channel App in a Deluge of Legal Trouble for Data Misuse

A lawsuit filed Thursday alleges that the popular Weather Channel App misled its users about how it would use the personal – and extremely precise – location data that it collects. IBM subsidiary The Weather Channel (TWC) markets its free app as the world’s most downloaded weather app, touting 45...

AI score 6.1
Exploits 0 | References 6

ThreatPost
added 2018/08/30 5:44 p.m. (33 views)

Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors

An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps — information that could be very useful to bad actors. Researchers from Nightwatch Cybersecurity System said that certain all-points-bulletins sent out by the Android OS expose...

CVSS 5 | AI score 7 | EPSS 0.00367
Exploits 5 | References 6

Packet Storm
added 2018/08/30 12:0 a.m. (69 views)

Android OS WiFi Broadcast Sensitive Data Exposure

Blog post here: https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/ TITLE Sensitive Data Exposure via WiFi Broadcasts in Android OS CVE-2018-9489 SUMMARY System broadcasts by Android OS expose information about the users...

AI score 7.7 | EPSS 0.00367
Exploits 5

The Hacker News
added 2018/08/09 2:20 p.m. (1 view)

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stopping cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade...

AI score 6.4
Exploits 0

The Hacker News
added 2018/08/09 2:20 p.m. (93 views)

Researchers Developed Artificial Intelligence-Powered Stealthy Malware

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stopping cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade...

AI score 1.4
Exploits 0

Kitploit
added 2018/07/19 2:19 p.m. (138 views)

Seeker - Find GeoLocation With High Accuracy

Seeker utilizes HTML5, Javascript, JQuery and PHP to grab Device Information and GeoLocation with High Accuracy. Other tools and services offer IP Geolocation which is not very accurate and does not give location of user. Generally if a user accepts location permission, Accuracy of the informati...

AI score 6.9
Exploits 0 | References 1

Kitploit
added 2018/07/11 10:13 p.m. (11 views)

Black Owl - Tool To Gather Information, Based On Operative-Framework

This is a simple tool to gather information, based on Operative-Framework. Requirements requests pythonwhois beautifulsoup4 Install requirements $ pip install -r requirements.txt How to use $ git clone https://github.com/qqwaszx/blackowl.git $ python main.py : blackowl help Modules /core/modules/...

AI score 7.1
Exploits 0 | References 2

ThreatPost
added 2018/07/09 5:43 p.m. (14 views)

Polar Fitness App Exposes Location of ‘Spies’ and Military Personnel

Fitness device maker Polar Flow suspended an Explore tracking feature on its mobile app after researchers discovered profile and geolocation data of high-ranking military personnel and “spies” that were being exposed to the public on its network. In a report released by Dutch publication De...

Exploits 0 | References 4

Prion
added 2018/06/25 2:29 a.m. (17 views)

Cross site request forgery (csrf)

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...

CVSS 3.3 | AI score 4.7 | EPSS 0.00194
Exploits 0 | References 4