Lucene search

14 matches found

RedhatCVE
added 2025/05/22 9:8 p.m., 5 views

CVE-2021-33057

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

7.5 CVSS, 6.3 AI score, 0.00343 EPSS
Exploits 1, References 1

Cvelist
added 2021/04/02 3:47 p.m., 13 views

CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

4.4 AI score, 0.00324 EPSS
Exploits 1, References 3

ThreatPost
added 2019/01/28 4:4 p.m., 111 views

Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution

UPDATE Malicious scanning activity targeting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers is underway, with a swell of opportunistic probes looking for vulnerable devices ramping up since Friday. According to Bad Packets Report’s honeypot data, cyberattackers are targeting a...

9 CVSS, 7.7 AI score, 0.94385 EPSS
Exploits 26, References 7

Prion
added 2018/06/25 2:29 a.m., 17 views

Cross site request forgery (csrf)

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...

3.3 CVSS, 4.7 AI score, 0.00194 EPSS
Exploits 0, References 4

NVD
added 2016/03/24 1:59 a.m., 17 views

CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

6.5 CVSS, 5.6 AI score, 0.07674 EPSS
Exploits 0, References 6

Prion
added 2016/03/24 1:59 a.m., 18 views

Design/Logic Flaw

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request...

4.3 CVSS, 6.1 AI score, 0.07674 EPSS
Exploits 0, References 6, Affected Software 2

ThreatPost
added 2014/08/13 3:18 p.m., 17 views

Study: Uyghur Remain in Crosshairs of Targeted Attacks

It’s no secret that activist groups supporting the Uyghur and other ethnic minorities living either in exile or in oppressed nations have been in the crosshairs of targeted attacks for years. Regimes use phishing emails, other social engineering tactics, and drive-by downloads to infect computer...

7 AI score
Exploits 0, References 4

seebug.org
added 2013/11/17 12:0 a.m., 34 views

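Apple iOS Local Security Restriction Bypass Vulnerability (CVE-2013-5193)

BUGTRAQ ID: 63723 CVECAN ID: CVE-2013-5193 iOS is the operating system developed by Apple for mobile devices; supported devices include iPhone, iPod touch, iPad, and Apple TV. Apple iOS versions before 7.0.4 contain a local security restriction bypass vulnerability: a physically proximate attacker can exploit it to bypass certain security restrictions without a password, complete transactions, and perform unauthorized actions. The vulnerability stems from ineffective authorization of App and In-App purchase permissions. 0 Apple iOS 7.0.4 Vendor patch: Apple ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...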

4.7 CVSS, 6.3 AI score, 0.00048 EPSS
Exploits 1

The Hacker News
added 2013/06/27 5:28 a.m., 13 views

Stellar Wind Surveillance program under Obama administration

According to secret documents obtained by the Guardian, the Obama administration permitted the National Security Agency to surveil the emails and Internet metadata of all Americans. This secret warrantless surveillance program, collectively known by the NSA code name Stellar Wind, was launched ...

6.8 AI score
Exploits 0

ThreatPost
added 2013/02/28 4:34 p.m., 13 views

How Much Does A Botnet Cost?

The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently...

Exploits 0, References 2

Metasploit
added 2011/12/16 4:54 p.m., 64 views

CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure

This module sends a query to the port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and management station such as SmartCenter name via a pre-authentication request. The string returned is the CheckPoint Internal CA CN for SmartCenter and the firewall host. Whilst...

6.6 AI score
Exploits 0

The Hacker News
added 2011/07/01 11:41 a.m., 38 views

Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6

Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6 Official Change Log: o NSE Added 40 scripts, bringing the total to 217! You can learn more about any of them at https://nmap.org/nsedoc/. Here are the new ones (authors listed in brackets): + afp-ls: Lists files and their attributes from Apple...

9.8 CVSS, 9.8 AI score, 0.90582 EPSS
Exploits 20

Nmap
added 2011/06/20 1:42 a.m., 1064 views

ip-geolocation-maxmind NSE Script

Tries to identify the physical location of an IP address using a Geolocation Maxmind database file available from . This script supports queries using all Maxmind databases that are supported by their API including the commercial ones. See also: ip-geolocation-geoplugin.nse...

10 CVSS, 0.94176 EPSS
Exploits 33

Tenable Nessus
added 2000/01/20 12:0 a.m., 28 views

CERN httpd Virtual Web Path Disclosure

The remote host appears to be running CERN httpd. It was possible to get the physical location of a virtual web directory by issuing the request: GET /cgi-bin/ls HTTP/1.0. A remote attacker could use this information to mount further attacks. C Tenable Network Security, Inc. include"compat.inc";...

7.5 CVSS, 5.4 AI score, 0.00636 EPSS
Exploits 0, References 2