A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

EUVD-2014-6624

Malware in sbrugna...

EUVD-2017-18564

Malware in sbrugna...

SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manne...

rimsntires.com XSS vulnerability

Open Bug Bounty ID: OBB-562970 Description| Value ---|--- Affected Website:| rimsntires.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2017-9633

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti...

CVE-2017-9647

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015...

Stack overflow

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015...

Design/Logic Flaw

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti...

CVE-2017-9647

CVE-2017-9647 is a stack-based buffer overflow in Continental AG’s Infineon S-Gold 2 (PMB 8876) cellular baseband used in 2G TCUs. The flaw occurs in processing AT commands and could allow arbitrary code execution on the TCU baseband processor when an attacker has a physical connection to the TCU...

CVE-2017-9647

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015...

CVE-2017-9633

The CVE-2017-9633 entry documents a TMSI-related vulnerability in Continental AG Infineon S-Gold 2 (PMB 8876) used in telematics control units (TCUs) across multiple vehicles (BMW, Ford, Infiniti, Nissan models from 2009–2016). The issue is an Improper Restriction of Operations within the Bounds ...

CVE-2017-9633

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti...

Ford, BMW, Infiniti and Nissan TCU presence of a vulnerability, can be remote intrusion-vulnerability warning-the black bar safety net

! Three researchers found that Ford, BMW, Infiniti and Nissan Automatic Transmission Control UnitTCUin the presence of a vulnerability, these TCU are made by Continental AG production. Vulnerability causes The three researchers from McAfee, respectively, is Mickey Shkatov, Jesse, Michael and...

Infiniti Sense - Base64 encoded String, Customized SSL, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Infiniti Sense published at the 'play' market has multiple vulnerabilities...

Infiniti InTouch - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Infiniti InTouch published at the 'play' market has multiple vulnerabilities...

CVE-2014-6746

The Infiniti Roadside Assistance aka com.ccas.rsa.common.infiniti application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The Infiniti Roadside Assistance aka com.ccas.rsa.common.infiniti application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6746

The CVE covers the Infiniti Roadside Assistance Android app (com.ccas.rsa.common.infiniti) version 1.1, which fails to verify SSL X.509 certificates. This certificate validation flaw enables man-in-the-middle attackers to spoof servers and obtain sensitive data via a crafted certificate. The prov...