59 matches found
Capacitive Touchscreens at Risk: A Practical Side-Channel Attack on Smartphones Via Electromagnetic Emanations
Capacitive touchscreens in modern smartphones introduce severe side-channel vulnerabilities. However, existing attacks often require restrictive conditions or invasive measurements. This paper presents TESLA, a novel, contactless electromagnetic EM side-channel attack that exploits inherent EM...
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that...
EUVD-2023-37392
Malicious code in bioql PyPI...
⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More
Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fa...
CVE-2023-33222
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device...
CVE-2021-39810
In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
M&S Cyberattack Disrupts Contactless Payments and Click & Collect Services
Marks & Spencer M&S cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and…...
SoK: Security of EMV Contactless Payment Systems
The widespread adoption of EMV Europay, Mastercard, and Visa contactless payment systems has greatly improved convenience for both users and merchants. However, this growth has also exposed significant security challenges. This SoK provides a comprehensive analysis of security vulnerabilities in...
London’s city transport hit by cybersecurity incident [updated]
Transport for London TfL, the citys transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on Londons surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area. I...
New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards
Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as...
From Offices to Hotels: Backdoor in Contactless Key Cards Enables Mass Cloning
Millions of office and hotel contactless access cards using Fudan Microelectronics chips are vulnerable to a hardware backdoor…...
CVE-2023-50129
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter...
CVE-2023-33222
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device...
CVE-2023-33222
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device...
Stack overflow
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device...
CVE-2023-33222 Stack buffer overflow when reading DESFire card
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device...
CVE-2023-33222
CVE-2023-33222 describes a stack-based buffer overflow when reading DESFire contactless cards due to a function that does not check data boundaries. Affected context is described as a card-reader/readerStack overflow leading to potential Remote Code Execution on the targeted device. Exploitation ...
PT-2023-24232 · Idemia · Morphowave Compact/Xp +11
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when handling contactless cards, specifically due to the usage of a function that does not check the boundary on the data received whil...
WordPress Plugin SIGMA Lite & Lite+ Buffer Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2021-39810
In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...