EUVD-2020-27800
Malware in sbrugna...
EUVD-2018-3962
Malware in sbrugna...
EUVD-2022-29098
Malicious code in bioql PyPI...
EUVD-2022-35866
Malicious code in bioql PyPI...
TeaOnHer, the male version of Tea, is leaking personal information on its users too
Last week we reported about some serious leaks in Tea Dating Advice, an app that provides a space for women to exchange information about men they know, have met, or have dated in the past. The app aims to provide a platform where people can share relevant information about, say, potentially...
CVE-2023-44125
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...
CVE-2019-15450
The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
Sungrow iSolarCloud Android App, WiNet Firmware
RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software
Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Cross-Site Scripting (XSS) Vulnerability: Addressed an issue that could allow an attacker to inject malicious...
About the security content of macOS Ventura 13.7
About the security content of macOS Ventura 13.7 This document describes the security content of macOS Ventura 13.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
Sysrv botnet is out to mine Monero on your Windows and Linux servers
In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and...
APT41 Spies Broke Into 6 US State Networks via a Livestock App
USAHerds – an app used by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by...
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team — no ransomware...
A week in security (May 6 – 12)
Last week on Labs, we discussed what to do when you discover a data breach, how 5G could impact cybersecurity strategy, the top six takeaways for user privacy, vulnerabilities in financial mobile apps that put consumers and businesses at risk, and in our series about vital infrastructure, we...
A Mobile App Scanner is Not Just Another App
Mobile applications assist us mightily with our daily tasks. They increase our productivity with anywhere, anytime, high-functioning tools, and they help us communicate and share information with family members, friends, and co-workers. Every day, the rapidly evolving app market brings us more ap...
You down with P2P? 10 tips to secure your mobile payment app
If you look at the figures, you cannot deny that the eCommerce industry is steadily growing. More and more people are doing their shopping online, not only for products and services geared toward the use of technologies and the Internet, but also for items previously only found in brick and morta...
Growatt Monitoring System Android App Multiple Override Access Vulnerabilities
Growatt Monitoring System Android APP is a client application that provides PV monitoring services. Growatt Monitoring System Android APP has overstepped access vulnerabilities in multiple places. Attackers can obtain sensitive information, including: power plant equipment information, name, powe...
On the macOS Keychain Attack, Signal’s New Contact Service, the Deloitte Hack, and More
Mike Mimoso and Chris Brook recap the news of the week, including the macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities. Download: ThreatpostNewsWrapSeptember292017.mp3 Music by Chris Gonsalves Show...
Palm North App has multiple vulnerabilities
Palm Shang Beiguo APP is a comprehensive mobile media platform created by Shijiazhuang Beiren Group, which integrates online shopping, member services, e-membership, member e-wallet, integral activities, coupon issuance, parking, navigation, scheduling, seat selection and other services. There ar...