#android

A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.

By Waqas According to ESET, iRecorder was infected with a variant of AhMyth, which is an open-source remote administration tool capable of extracting sensitive data from Android devices. This is a post from HackRead.com Read the original post: Popular Android Screen Recorder iRecorder App Revealed as Trojan

Categories: Personal Tags: Google Tags: tracking Tags: location Tags: data Tags: court Tags: lawsuit Tags: settlement Tags: advertising We take a look at a case where Google is agreeing to pay $40m as a result of disclosure related to location tracking issues. (Read more...) The post Google to pay $40m for "deceptive and unfair" location tracking practices appeared first on Malwarebytes Labs.

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

By Deeba Ahmed If you use TikTok, you must be aware of CapCut. However, did you know that this app is being abused by threat actors to drop malware and carry out phishing scams through not one, but a series of malicious sites? This is a post from HackRead.com Read the original post: CapCut Users Beware: Phishing Sites Distributing Malware

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version.

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

Categories: Business There are a lot of benefits to ChatGPT, but many in the security community have concerns about it. Malwarebytes' CEO Marcin Kleczynski takes a deep dive into the topic. (Read more...) The post ChatGPT: Cybersecurity friend or foe? appeared first on Malwarebytes Labs.