34 matches found
EUVD-2014-1145
Malware in sbrugna...
From Fitbit to financial despair: How one woman lost her life savings and more to a scammer
We hear so often about people falling for scams and losing money. But we often don’t find out the real details of what happened, and how one "like" can turn into a nightmare that controls someone’s life for many years. This is that story. Not too long ago, a scam victim named Karen reached out to...
MAL-2025-1218 Malicious code in fitbit-widget-dropdown (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in fitbit-widget-dropdown (npm)
The package communicates with a domain associated with malicious activity...
Advanced forensic techniques for recovering hidden data in wearable devices
TL;DR: A walk-through of forensic data recovery. Detailed example of how to retrieve potentially sensitive deleted data. Includes location, sleep and activity tracking. Understand the security and privacy implications of wearable device data. Introduction: This blog post covers how forensic skills and...
Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile...
Malicious Package
Overview fitbit-site-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Google to Make Account Login Mandatory for New Fitbit Users in 2023
Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said. The switc...
MAL-2022-3057 Malicious code in fitbit-connect (npm)
Source: ghsa-malware (e244db8536c3d0ac70e9bec071e9b946ec7553b566cdc6e031d9bb3cd17f042d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fitbit-connect (npm)
Source: ghsa-malware (e244db8536c3d0ac70e9bec071e9b946ec7553b566cdc6e031d9bb3cd17f042d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3058 Malicious code in fitbit-connect-client-api (npm)
Source: ghsa-malware (08efae8d0db8e2e4172e8acf35605a70436f1b61b61df70ccd478b1eb14052f8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fitbit-connect-client-api (npm)
Source: ghsa-malware (08efae8d0db8e2e4172e8acf35605a70436f1b61b61df70ccd478b1eb14052f8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3059 Malicious code in fitbit-css-loader (npm)
Source: ghsa-malware (6212daf71fae3c165b5999556ea9f8e25fb08b5d0e5beb46b543b50ddf56c46b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fitbit-css-loader (npm)
Source: ghsa-malware (6212daf71fae3c165b5999556ea9f8e25fb08b5d0e5beb46b543b50ddf56c46b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Researcher uploaded spyware on official Fitbit store
By Sudais Asif. The researcher took advantage of the Fitbit gallery, which allows developers to submit apps that enhance the functionality of the core app. This is a post from HackRead.com. Read the original post: Researcher uploaded spyware on official Fitbit store...
Fitbit Spyware Steals Personal Data via Watch Face
A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server. Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit...
A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All...
A Brutal Murder, a Wearable Witness, and an Unlikely Suspect
Karen Navarra was a quiet woman in her sixties who lived alone. She was found beaten to death. The neighbors didn't see anything. But her Fitbit did...
Fitbit activity-tracker information disclosure vulnerability
The Fitbit activity-tracker is a smart sports watch from the American company Fitbit. An information disclosure vulnerability exists in the Fitbit activity-tracker. The vulnerability stems from errors, such as configuration errors, during the operation of a networked system or product. An unauthorized attacker...
CVE-2014-10374
On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low...