Google Pulls App Exploiting Certifi-Gate Vulnerability

A mobile application exploiting the so-called Certifi-gate vulnerability disclosed at Black Hat has been removed from the Google Play store. Though the number of downloads of Recordable Activator, a screen recorder app for Android devices, hovers between 100,000 and a half-million, researchers at...

Android 'Serialization' Vulnerability Affects 55 Percent of Devices

Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they’ve not always been diligent about. I...

Google Photo App Uploads Your Images To Cloud, Even After Uninstalling

Have you ever seen any mobile application working in the background silently even after you have uninstalled it completely? I have seen Google Photos app doing the same. Your Android smartphone continues to upload your phone photos to Google servers without your knowledge, even if you have alread...

Malicious Gaming App Infects More than 1 Million Android Users

It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought. Threat researchers from security firm ESET have discovered a malicious...

UPNPD M-SEARCH - ssdp:discover Reflection Denial of Service

UPNPD M-SEARCH - ssdp:discover Reflection Denial of Service !/usr/bin/perl upnpd M-SEARCH ssdp:discover reflection Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg The SSDP protocol can discover Plug & Play devices, with...

Gello: Cyanogen's Customizable Web Browser for Android

Get ready for a new Android Browser! Android ROM developer CyanogenMod has announced that it is working on a new browser for Android devices. Dubbed Gello, the open-source browser is based on Google's Chromium project and includes a ton of customization options for Android. The team provided a...

Netty and Play Framework Session Hijacking Vulnerability

Netty is a java open source framework provided by JBOSS . A session hijacking vulnerability exists in Netty and Play Framework, which can be exploited by an attacker to gain unauthorized access to an affected application...

Non-Nexus Devices and the Android Security Rewards Program

Google’s decision to limit its Android Security Rewards program to newer Nexus devices clearly puts the Google phones on the top tier of secure mobile devices. It also could ultimately have the effect of putting non-Nexus devices in the line of fire. For now, limiting the rewards program to Nexus...

Google Launches Android Security Rewards For Nexus Devices

Google today announced that it has expanded the scope of its vulnerability rewards program to include the latest versions of its Nexus mobile devices, dangling thousands of dollars in front of researchers willing to hunt not only for vulnerabilities but also develop bypasses for native Android...

One class to rule them all

This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device, that achieves code execution inside the highly privileged systemserver process, and then...

60+ Vulnerabilities In 22 SOHO Routers

Dear PacketStorm community, we are a group of security researchers doing our IT Security Master's Thesis at Universidad Europea de Madrid. As a part of the dissertation, we have discovered multiple vulnerability issues on the following SOHO routers: 1. Observa Telecom AW4062 2. Comtrend WAP-5813n...

Malicious Minecraft apps affect 600,000 Android Users

So you love Minecraft? You might want to be very careful before downloading the cheats for the popular Minecraft game from Google Play Store. Nearly 3 Million users have downloaded malicious Minecraft Android applications for their smartphone and tablets from the Google Play store, security...

Spy Agencies Hijack Google Play Store to Install Spyware on Smartphones

I have an Android phone with a five different gmail accounts configured in it. But what if any one of them get compromised via phishing, malware or any other way? The Hacker would be able to access my Google account and obviously Google Play Store account too, which allows anyone to install any...

Renewed Attention on Android Apps Failing SSL Validation

SAN FRANCISCO – Android developers whose apps fail to validate SSL certificates are on notice; not only are researchers scanning apps making insecure connections, but so is Google. And the hammer may fall soon. Will Dormann, a researcher with CERT at the Software Engineering Institute at Carnegie...

Belkin Play N750 login.cgi Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Belkin Play N750 login.cgi Buffer Overflow', 'Description' = %q This module exploits a remote buffer overflow vulnerability on Belki...

Mobile Android, iOS Apps Still Vulnerable to FREAK Attacks

In the shadow of a major OpenSSL vulnerability scheduled to be announced tomorrow, lingering issues remain with mobile platforms and applications that still run versions of the crypto library vulnerable to FREAK attacks. A report published Tuesday by FireEye paints a bleak picture of vulnerable...

Google Now Manually Reviews Play Store Android App Submissions

Google has changed the way it managed apps on the Google Play Store. After years of depending on the automated app check process, the company just made some changes to its Play Store policies that will successfully weed out malicious and undesirable apps from Google Play store. Google has...

WebGate WinRDS WESPPlayback.WESPPlaybackCtrl.1 Control Stack Buffer Overflow Vulnerability

WebGate WinRDS is a set of high-definition IP camera and DVR storage management software from Webgate Korea. A stack buffer overflow vulnerability exists in the WESPPlayback.WESPPlaybackCtrl.1 control of WebGate WinRDS. A remote attacker can pass 'PrintSiteImage', 'PlaySiteAllChannel',...

CVE-2015-2094

Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the 1 PrintSiteImage, 2 PlaySiteAllChannel, 3 StopSiteAllChannel, or 4 SaveSiteImage function...

Google Play services information disclosure vulnerability

Google Play is an online app store developed by Google for Android devices. Google Play services suffers from an information disclosure vulnerability that allows an attacker to gain access to a Google account through a carefully crafted application...