Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

PortSwigger
Open in Source
#xss#vulnerability#web#android#microsoft#apache#git#java#c++#pdf#aws#auth#ssh
CVE-2022-45480: CyRC Vulnerability Advisory: Remote code execution vulnerabilities in mouse and keyboard apps

PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Hackers Sign Android Malware Apps with Compromised Platform Certificates

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the

Time to uninstall! Abandoned Android apps pack a vulnerability punch

Categories: News Tags: CVE Tags: android Tags: apps Tags: abandonware Tags: vulnerability Tags: bug Tags: telepad Tags: pc keyboard Tags: lazy mouse Three abandoned Android apps with remote code execution vulnerabilities need to be shown the door. (Read more...) The post Time to uninstall! Abandoned Android apps pack a vulnerability punch appeared first on Malwarebytes Labs.

Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely

Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website.

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

By Habiba Rashid A Barcelona-based company, a spyware vendor named Variston IT, is exploiting flaws under the guise of a custom cybersecurity solutions provider. This is a post from HackRead.com Read the original post: Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

CVE-2022-41971

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available.

A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet

By Deeba Ahmed The KmsdBot was known for targeting both Linux and Windows devices. This is a post from HackRead.com Read the original post: A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to