EUVD-2019-6345

Malware in sbrugna...

A week in security (November 25 – December 1)

Last week on Malwarebytes Labs: Printer problems? Beware the bogus help Data broker exposes 600,000 sensitive files including background checks Medical testing company LifeLabs failed to protect customer data, report finds Explained: the Microsoft connected experiences controversy Spotify, Audibl...

CVE-2023-23131

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security ATS Settings...

Code injection

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security ATS Settings...

CVE-2023-23131

Selfwealth iOS mobile App version 3.3.1 is identified as vulnerable due to Insecure App Transport Security (ATS) Settings. The root cause is improper ATS configuration allowing insecure network communication, which could impact confidentiality. AvailableConnected sources (NVD/Red Hat/PRION/CNNVD-...

Input validation

The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

Plugging a virtual leak: insecure VR app exposes customer data

I've been giving talks on the possible problems raised by virtual/augmented/mixed reality for a while now, and sure enough, we have what may be one of the first potentially major security issues thrown up by an in-the-wild application. Until a recent fix was applied, users of the pornography app...

Cooking Your Fajitas - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Cooking Your Fajitas published at the 'play' market has multiple vulnerabilities...