243 matches found
New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect locati...
Malicious Package
leaflet-gpx contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
angular-location-update contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
geoheat contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
github-jquery-widgets contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
vue-backbone contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
mx-nested-menu contains malicious code. The code when executed in the browser would capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
ngx-pica contains malicious code. The code when executed in the browser will capture password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
[SECURITY] Fedora 29 Update: wireshark-3.0.1-1.fc29
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...
[SECURITY] Fedora 29 Update: tcpflow-1.5.0-4.fc29
tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125)
Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-0125 Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete input validation on user-controll...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by Apache Commons Codec open source library vulnerabilities
Summary InfoSphere Data Replication has addressed the following vulnerabilities: CVE-2010-0001 CVE-2009-0001 Vulnerability Details CVEID: CVE-2010-0001 DESCRIPTION: GNU gzip could allow a remote attacker to execute arbitrary code on the system caused by an integer underflow in the unlzw function...
Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)
Summary IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 - Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML datatype and XmlVTI. An attacker could...
Logic flaws exist in the OA system of Shandong Branch of Unicom Systems Integration Co.
Ltd. Shandong Province Branch is a wholly-owned listed branch of China Unicom, with a registered capital of RMB 550 million yuan at its headquarters, which is a large state-owned high-tech enterprise. There is a logic flaw vulnerability in the OA system of Unicom System Integration Ltd Shandong...
Track People on the Internet: trape
Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their...
You bet your mobile app consumers are willing to pay with their smartphone
For almost 10 years, there has been a debate over mobile app versus mobile web. Which strategy is right for your business and will consumers really ever buy something with a mobile device? Some of these questions have been clearly answered with time, but some aspects of the debate continue. The...
Multiple Medtronic Product Information Disclosure Vulnerabilities
Medtronic MMT-508 MiniMed insulin pump and others are different models of insulin pumps from Medtronic, USA. An information disclosure vulnerability exists in several Medtronic products, which can be exploited by an attacker to capture the information passed between the controller and pump when t...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...
CVE-2018-9068
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...