CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

WebAuthn app was updated based on public key

None...

PT-2025-49302

Name of the Vulnerable Software and Affected Versions Nextcloud Twofactor WebAuthn versions prior to 1.4.2 Nextcloud Twofactor WebAuthn versions prior to 2.4.1 Description A missing ownership check allows an attacker to remove a user's WebAuthn two-factor authentication device by correctly guessi...

How can you protect your data, privacy, and finances if your phone gets lost or stolen?

Steps to take when your device is lost or stolen TL;DR This is a guide to help prepare for a situation where your mobile device is lost or stolen, including where it is stolen in an unlocked state. The post covers: Creating good habits in your digital life. Using available features to secure your...

A week in security (August 1 – 7)

Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16 Wrestling star Mick Foley’s Twitter compromised, selling PS5 consoles Millions of Arris routers are vulnerable to path traversal attacks When a sextortion victim fights back How to protect yourself and...

A week in security (August 1 - August 7)

Last week on Malwarebytes Labs: Have we lost the fight for data privacy? Lock and Code S03E16 Wrestling star Mick Foleys Twitter compromised, selling PS5 consoles Millions of Arris routers are vulnerable to path traversal attacks When a sextortion victim fights back How to protect yourself and yo...

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, its very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids ha...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

TK-Star Q90 Junior GPS horloge security vulnerability

TK-Star Q90 Junior GPS horloge is a Gps location tracker from TK-Star, China. A security vulnerability exists in the TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices, which can be exploited by an attacker to more easily use a SIM card by stealing the device...