206 matches found
CVE-2022-38267
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=...
School Activity Updates with SMS Notification v1.0 SQL注入漏洞
School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is an activity in the school. A security vulnerability exists in School Activity...
School Activity Updates with SMS Notification v1.0 SQL注入漏洞
School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is a school activity. A security vulnerability exists in School Activity Updates...
CVE-2022-20241
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Mobile subscription Trojans and their little tricks
Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a users name and scammers take a cut from the money billed...
CVE-2022-23722
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...
CVE-2021-39033
creationtimestamp| type| source ---|---|--- 2022-04-19 20:24:38+00:00| seen| https://t.me/cibsecurity/41109...
Extortion scheme impersonates government officials, law enforcement
The FBI issued a public warning this week about a fraud scheme wherein scammers impersonate government officials and law enforcement personnel. According to the PSA, the scammers spoof legitimate numbers and names and use fake credentials of well-known members of the government and law enforcemen...
CVE-2022-24646
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters...
PT-2022-16772 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4.0 Description: The issue is related to a SQL injection vulnerability. It affects the /Hospital-Management-System-master/contact.php endpoint via the txtMsg parameters. Recommendations: For Hospital...
CVE-2021-44480
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers who know the SIM phone number and password to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords...
Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Two actively exploited vulnerabilities CVE-2021-30858 and CVE-2021-30860 have been fixed in Apples iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 releases. The NSO group carried out the attack by...
A week in security (August 30 – September 5)
Last week on Malwarebytes Labs ProxyToken: another nail-biter from Microsoft Exchange Macs turn on apps signed by Symantec, treat them as malware Google Play sign-ins can be abused to track another person’s movements FTC bans SpyFone and its CEO from continuing to sell stalkerware BrakTooth...
Zero-Click iPhone Exploits
Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they dont require to victim to do anything, like click on a link or open a file. The victim receiv...
Privilege Escalation
firefox is vulnerable to privilege escalation. The vulnerability exists due to the unknown processing of the component Text Message Handler...
Flubot Spyware Spreading Through Android Devices
Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the U.K.’s National Cyber Security Centre. And the U.S. could be the next target. Victims are asked to download a fake app from ...
Pre-Installed Malware Dropper Found On German Gigaset Android Phones
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui,...
Royal Mail scam says your parcel is waiting for delivery
Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:...
Racom 跨站脚本漏洞
The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabilit...
CVE-2018-4390
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...