UBUNTU-CVE-2013-7301

Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue...

Chainfire's Pry-Fi Android App released to defend against NSA Spying under Public Wi-Fi

Turn your face in any direction, someone is always trying to spy on you; doesn’t matter who and what you are? Just yesterday we reported that Communications Security Establishment Canada CSEC in Canada and NSA are together, running a spying program called 'game-changer'. It was revealed that the...

PT-2014-3437 · Festvocal · Flite

Name of the Vulnerable Software and Affected Versions: Flite version 1.4 Description: The issue allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. This is due to a problem in the play wave from socket function in audio/auserver.c. Recommendations: For Flite version...

Cisco MediaSense Search and Play Authorization Vulnerability

A vulnerability in the Search and Play interface of Cisco MediaSense could allow an authenticated, remote attacker to access recordings in the Search and Play interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the...

CVE-2014-0672

The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface...

[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection

Evernote Android Insecure Storage of PIN data / Bypass of PIN protection Product: Evernote Android Project Homepage: evernote.com Internal Advisory ID: c22-2013-03 / c22-2013-04 Vulnerable Versions: Android version 5.5.0 and prior Tested Version: Android 5.x Android 4.2/4.3 Vendor Notification: A...

[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup)

Evernote Android Insecure Password Change one-click setup Product: Evernote Android Project Homepage: evernote.com Internal Advisory ID: c22-2013-05 Vulnerable Versions: Android version 5.5.0 and prior Tested Version: Android 5.x Android 4.2/4.3 Vendor Notification: Aug 13, 2013 Public Disclosure...

Santander BillPay Security Vulnerabilities Patched

Security weaknesses on the Santander Group BillPay website and mobile banking application have been addressed by the financial services organization’s developer Headland after they were exposed less than a week ago. U.K. consultant Paul Moore of Cresona Corp., reported a number of serious...

Firefox 26 Makes Java Plugins Click-to-Play, Fixes 14 Security Flaws

Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play be default. This feature prevents those plugins from running automatically on Web pages, which helps...

Rogue Android Gaming app that steals WhatsApp conversations

Google has recently removed a Rogue Android gaming app called "Balloon Pop 2" from its official Play store that was actually stealing user's private Whatsapp app conversations. Every day numerous friends ask me if it is possible to steal WhatsApp chat messages and how, of course a malware...

Mobile Android banking Trojan Svpeng Adds Phishing Know-How

An Android banking Trojan known as Svpeng has added phishing capabilities to its arsenal, and researchers have spotted it attacking Russian banking clients in what is perceived to be a dry run before it is adapted for other countries. “Typically, however, cybercriminals first test-run a technolog...

Mednafen: Arbitrary code execution

Background Mednafen is an advanced NES, GB/GBC/GBA, TurboGrafx 16/CD, NGPC and Lynx emulator. Description An unspecified vulnerability has been discovered in Mednafen when using network play. Impact A remote server could execute arbitrary code with the privileges of the process. Workaround There ...

New Android Banking Trojan targeting Korean users

A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazi...

Unnamed Android Vulna Ad Library Abused to Steal User Data

A popular Android mobile ad library available on Google Play can be used to collect device data or execute malicious code, security researchers have discovered. The most alarming aspect to the library is that close to 2 percent of Android apps with more than 1 million downloads on Google Play use...

Fake Grand Theft Auto V iFruit Android app fools thousands

Android malware is continuing to cause problems for end users with huge amounts of fraud and Malware campaigns going on. A lot of fake apps are currently on Google Play Store fooling thousands of consumers. Grand Theft Auto 5, which hit stores last Tuesday and is shaping up to be the most lucrati...

Fake Grand Theft Auto V iFruit Android app fools thousands

Android malware is continuing to cause problems for end users with huge amounts of fraud and Malware campaigns going on. A lot of fake apps are currently on Google Play Store fooling thousands of consumers. Grand Theft Auto 5, which hit stores last Tuesday and is shaping up to be the most lucrati...

Android WebView vulnerability allows hacker to install malicious apps

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it. Today AVG Security expert reported a critical vulnerability in Android's WebView feature...

Android WebView vulnerability allows hacker to install malicious apps

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it. Today AVG Security expert reported a critical vulnerability in Android's WebView feature...

DHS and FBI Warn About Android Security Threats

The Department of Homeland Security and the FBI are warning police and fire departments as well as emergency medical service providers and other security personnel that out-of-date Android devices pose a serious security risk to those organizations. The warning came via an unclassified memo...

Warning: Android Bitcoin wallet apps vulnerable to theft

A critical vulnerability in the Android implementation of the Java SecureRandom random number generator was discovered, that leaves Bitcoin digital wallets on the mobile platform vulnerable to theft. Before the announcement was made, users on the forums had noticed over 55 BTC were stolen a few...