A week in security (July 8 – July 14)

Last week on Malwarebytes Labs: "Nearly all" AT&T customers had phone records stolen in new data breach disclosure Fake Microsoft Teams for Mac delivers Atomic Stealer Dangerous monitoring tool mSpy suffers data breach, exposes customer details iPhone users in 98 countries warned about spyware by...

Dangerous monitoring tool mSpy suffers data breach, exposes customer details

In a new episode of Spy vs Spy, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor ...

blog.mspy.com Improper Access Control vulnerability

Security Researcher geeknik Helped patch 8594 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blog.mspy.com website and its users. Following coordinated...

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data...

MS13-075: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)

The version of Microsoft Office Input Method Editor Chinese installed on the remote host has a privilege escalation vulnerability. A local attacker could exploit this by utilizing the MSPY IME toolbar in an unspecified manner, resulting in arbitrary code execution in kernel mode. C Tenable Networ...

Microsoft Office Pinyin IME 2010本地权限提升漏洞(CVE-2013-3859)

BUGTRAQ ID: 62181 CVECAN ID: CVE-2013-3859 Microsoft Office Pinyin IME是微软开发的拼音输入方法。 Office 2010 中文版默认安装的MSPY IME（中文）没有正确开放某些配置选项，如果登录攻击者从 Microsoft Pinyin IME 简体中文版的工具栏中启动 Internet Explorer，则该漏洞可能允许特权提升。成功利用此漏洞的攻击者可以运行内核模式中的任意代码。 0 Microsoft Office 2010 Microsoft Pinyin IME 2010 厂商补丁： Microsoft...

Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)

This host is missing an important security update according to Microsoft Bulletin MS11-088. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...