#android

Categories: Personal Your big day is over, but while you're relaxing on honeymoon you don't want to get distracted by security problems. So, we rounded up some quick tips to keep your devices safe. (Read more...) The post 6 tips for a cybersecure honeymoon appeared first on Malwarebytes Labs.

By Waqas The Swing VPN app is available on Android and iOS devices; however, only the Android version has been identified as a DDoS botnet by the researcher. This is a post from HackRead.com Read the original post: Researcher Identifies Popular Swing VPN Android App as DDoS Botnet

By Waqas The Russian-speaking hacker is also offering access to AT&T Corporation email accounts that have 2FA disabled for $7,000. This is a post from HackRead.com Read the original post: Military Satellite Access Sold on Russian Hacker Forum for $15,000

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets included a government finance department and a corporation that markets products in the Americas as

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

1. EXECUTIVE SUMMARY CVSS v3 8.6  ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive information to be obtained by an attacker using hard-coded credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase Installer Toolkit, a software application, is affected:  Installer Toolkit: 3.27.0 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Enphase Installer Toolkit versions 3.27.0 and prior have hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. CVE-2023-32274 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Ener...

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as APT-C-35 and Viceroy Tiger. The espionage activity involves duping Android smartphone owners into

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.