527 matches found
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android Content component that stems from a privilege bypass with a possible way to learn the name of a gmail account on a device...
CVE-2022-20270
In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...
CVE-2022-20270
CVE-2022-20270 affects Android 13, where a permissions bypass in the Content component could disclose the Gmail account name on a device with no extra privileges or user interaction. Documented impact is local information disclosure (confidentiality) with no exploitation details provided in the c...
PT-2022-14494 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue allows for local information disclosure due to a permissions bypass in Content, potentially revealing the Gmail account name on the device. This can be exploited without additional execution...
Hackers Using SHARPEXT Browser Malware to Spy on Gmail and Aol Users
By Waqas Researchers have warned users of Gmail on Microsoft Edge and Google Chrome browser of a new email spying… This is a post from HackRead.com Read the original post: Hackers Using SHARPEXT Browser Malware to Spy on Gmail and Aol Users...
Fedora: Security Advisory for gmailctl (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: gmailctl-0.10.4-4.fc36
Declarative configuration for Gmail filters...
[SECURITY] Fedora 36 Update: gmailctl-0.10.4-3.fc36
Declarative configuration for Gmail filters...
Targeted attack on Government Agencies
Targeted Attack on Government Agencies By Sushant Kumar Arya, Mohsin Dalla · July 13, 2022 Executive summary The Trellix Email Security Research Team has discovered a malicious campaign targeting government agencies of Afghanistan, India, Italy, Poland, and the United States since 2021. The attac...
Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was...
Nextcloud: SMTP Command Injection in Appointment Emails via Newlines
Summary: Users can create appointment calendars for other users to book slots on their calendar. When booking a slot, the following request is made: POST /apps/calendar/appointment/1/book HTTP/2 Host: 192.168.92.132 "start":1647306900,"end":"1647307200","displayName":"Test...
WordPress Streak CRM For Gmail For Contact Form 7 – WordPress Plugin plugin <= 1.0.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Streak CRM For Gmail For Contact Form 7 – WordPress Plugin plugin versions = 1.0.8. Solution No patched version available...
Security Bulletin: IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors maybe vulnerable to URL redirection to untrusted sites due to CVE-2022-0122
Summary The Node.js module node-forge is used internally by the GMail connector, both as an action connector and an event connector. IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors maybe vulnerable to URL redirection to untrusted sites. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors maybe vulnerable to remote code execution due to GHSA-5rrq-pxf6-6jx5 in node-forge
Summary The Node.js module node-forge is used internally by the GMail connector, both as an action connector and an event connector. IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors maybe vulnerable to remote code execution due to GHSA-5rrq-pxf6-6jx5. This...
Adobe Cloud Abused to Steal Office 365, Gmail Credentials
Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Researchers from Avanan, a Check Point company, fir...
PasteMonitor - Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match
Scrape Pastebin API to collect daily pastes, setup a wordlist and be alerted by email when you have a match. Description The PasteMonitor tool allows you to perform two main actions for educational purposes only: Download daily new public pastes Average number of pastes per day: 1000-3000 filetyp...
Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency
Threat actors are exploiting improperly-secured Google Cloud Platform GCP instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view cou...
Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam
By Deeba Ahmed The attacks started in July 2021 in which threat actors exploited Microsoft MSHTML vulnerability to target overseas Iranians. This is a post from HackRead.com Read the original post: Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam...
BIMI: A Visual Take on Email Authentication and Security
There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand...
Reddit: Oauth Misconfiguration Lead To Account Takeover
Summary: OAuth is a commonly used authorization framework that enables websites and web applications to request limited access to a user's account on another application. Crucially, OAuth allows the user to grant this access without exposing their login credentials to the requesting application...