#apple

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.

The commercial-grade surveillance software initially was used by law enforcement authorities in Italy in 2019, according to a new report.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.   But after spending a few days on the show floor and interacting with everyone, there are a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TheTruthSpy is an app programmed to siphon out photos, locations and more from smartphones. The post Photos of kids taken from spyware-ridden phones found exposed on the internet appeared first on Malwarebytes Labs.

Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.

Mozilla has launched its Total Cookie Protection addition to Firefox for users worldwide. What does it do? The post Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser” appeared first on Malwarebytes Labs.

Username and password combinations offered for sale on the Dark Web by criminals has increased 65% since 2020.

Upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cybercriminals to scam the tourists.

A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.