EUVD-2014-5436

Malware in sbrugna...

Malicious code in @malware-test-unpen-puppy-tores-sonsy/test-mlw3-unpen-puppy-tores-sonsy (npm)

The package @malware-test-unpen-puppy-tores-sonsy/test-mlw3-unpen-puppy-tores-sonsy was found to contain malicious code...

Google Sues Scammer for Running 'Puppy Fraud Scheme' Website

Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies — with...

CVE-2020-18890

Rmote Code Execution RCE vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php...

Holiday Puppy Swindle Has Consumers Howling

Puppy photos are undeniably irresistible but beware; researchers have uncovered a scheme selling fake German Shepherd puppies for Bitcoin, leaving buyers crushed and without a tiny fuzzy friend to cuddle on Christmas morning. The scam was discovered by an intrepid researcher at Anomali, who got...

A week in security (November 6 – November 12)

After coming out victorious in a case against PUPs, Malwarebytes CEO Marcin Kleczynski has this to say: We fought for our users and we won. -- Marcin Kleczynski @mkleczynski November 9, 2017 And my, do we feel like champions! You can read more about this here. Last week, we looked into the...

Of scammers and cute puppies

We’ve followed tech support scammers for quite a while at Malwarebytes. They’ve been of particular interest because of their preference for scamming the poor, the elderly, and the developmentally disabled. But there’s a diverse spectrum of online scams a criminal can profit from, and today we’re...

PS Vita Pets: Puppy Parlour - Base64 encoded String, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application PS Vita Pets: Puppy Parlour published at the 'play' market has multiple vulnerabilities...

Learning Letters Puppy - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Learning Letters Puppy published at the 'play' market has multiple vulnerabilities...

Puppy Dog Puzzles for Toddlers - Dynamic Code Loading, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Puppy Dog Puzzles for Toddlers published at the 'play' market has multiple vulnerabilities...

Best Game for Toddlers Puppy - Dynamic Code Loading, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Best Game for Toddlers Puppy published at the 'play' market has multiple vulnerabilities...

Guess the puppy - Corrupted files, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Guess the puppy published at the 'play' market has multiple vulnerabilities...

Strawberry Shortcake Puppy - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Strawberry Shortcake Puppy published at the 'play' market has multiple vulnerabilities...

Puppy & kitty salon - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Puppy & kitty salon published at the 'play' market has multiple vulnerabilities...

Puppy Love - My Dream Pet - WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Puppy Love - My Dream Pet published at the 'play' market has multiple vulnerabilities...

Netflix Sleepy Puppy Cross-Site Scripting Payload Framework

Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS troubl...

XSS Payload Management Framework: Sleepy Puppy

Sleepy Puppy is a cross-site scripting XSS payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client side injections HTML/JS/etc. security engineers are looking fo...

CVE-2014-5549

The Puppy Slots aka air.com.starluxstudios.PuppySlotsFree application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Puppy Slots aka air.com.starluxstudios.PuppySlotsFree application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5549

Summary: CVE-2014-5549 affects the Android app Puppy Slots Free (air.com.starluxstudios.PuppySlotsFree) v3. The issue is that the app does not verify X.509 certificates from SSL servers, allowing a man-in-the-middle to spoof servers and harvest sensitive information via a crafted certificate. Wha...