Indian social media app Slick exposed childrens’ user data
https://techcrunch.com/2023/02/10/slick-social-media-app-data-exposed
https://techcrunch.com/2023/02/10/slick-social-media-app-data-exposed
TechCrunch
Indian social media app Slick exposed childrens' user data | TechCrunch
The emerging Indian social media app exposed a database of young users' private information, including school-going children.
👍9🤬5🔥1
Telegram: How a messenger turned into a cybercrime ecosystem by 2023
https://ke-la.com/wp-content/uploads/2023/02/KELA_Telegram_CEBIN.pdf
https://ke-la.com/wp-content/uploads/2023/02/KELA_Telegram_CEBIN.pdf
👍12🤣6🥱4
APT Bahamut Attacks Indian Intelligence Operative using Android Malware
https://www.cyfirma.com/outofband/apt-bahamut-attacks-indian-intelligence-operative-using-android-malware/
https://www.cyfirma.com/outofband/apt-bahamut-attacks-indian-intelligence-operative-using-android-malware/
CYFIRMA
APT Bahamut Attacks Indian Intelligence Operative using Android Malware - CYFIRMA
Executive Summary In November 2022, CYFIRMA detected a cyber-attack on an intelligence operative in India. In this attack, the threat...
👍10🔥3
APKHunt - static code analysis tool for Android apps that is based on the OWASP MASVS framework
https://github.com/Cyber-Buddy/APKHunt
https://github.com/Cyber-Buddy/APKHunt
GitHub
GitHub - Cyber-Buddy/APKHunt: APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP…
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security teste...
👍14😁1
1) CVE-2023-23529
Vulnerability in WebKit browser engine for iPhones and iPads once exploited could result in arbitrary code execution.
This zero-day flaw has been actively exploited in the wild.
2) CVE-2023-23514
An app may be able to execute arbitrary code with kernel privileges affecting iPhones and iPads.
https://support.apple.com/en-us/HT213635
Vulnerability in WebKit browser engine for iPhones and iPads once exploited could result in arbitrary code execution.
This zero-day flaw has been actively exploited in the wild.
2) CVE-2023-23514
An app may be able to execute arbitrary code with kernel privileges affecting iPhones and iPads.
https://support.apple.com/en-us/HT213635
Apple Support
About the security content of iOS 16.3.1 and iPadOS 16.3.1
This document describes the security content of iOS 16.3.1 and iPadOS 16.3.1.
👍9🔥4❤1
SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948
The Owncloud Android app uses content providers to manage its data. The provider FileContentProvider has SQL injection vulnerabilities that allow malicious applications or users in the same device to obtain internal information of the app
https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/
The Owncloud Android app uses content providers to manage its data. The provider FileContentProvider has SQL injection vulnerabilities that allow malicious applications or users in the same device to obtain internal information of the app
https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/
GitHub Security Lab
GHSL-2022-059_GHSL-2022-060: SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948
The Owncloud Android app uses content providers to manage its data. The provider FileContentProvider has SQL injection vulnerabilities that allow malicious applications or users in the same device to obtain internal information of the app. The app also handles…
👍9😢3
MediaTek Android information disclosure | CVE-2023-20606
By executing a specially-crafted application, an attacker could exploit this vulnerability to obtain sensitive information.
Affected Software Versions: Android 12.0, 12.1
https://www.redpacketsecurity.com/mediatek-android-information-disclosure-cve-2023-20606/
By executing a specially-crafted application, an attacker could exploit this vulnerability to obtain sensitive information.
Affected Software Versions: Android 12.0, 12.1
https://www.redpacketsecurity.com/mediatek-android-information-disclosure-cve-2023-20606/
RedPacket Security
MediaTek Android information disclosure | CVE-2023-20606 - RedPacket Security
NAME__________MediaTek Android information disclosure
👍6🔥3
Inappropriate implementation in Full screen mode in Google Chrome on Android
It allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.
[$4000] - CVE-2023-0697
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
It allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.
[$4000] - CVE-2023-0697
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
Chrome Releases
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 110 to the stable channel for Windows, Mac and Linux . This will roll out ...
👍19🔥1🥰1
Android Banker Deep Dive (Part 1)
Fully reverse engineering of a Android Banker trojan from start to finish
https://youtu.be/Vs9Z3NDnVT8
Fully reverse engineering of a Android Banker trojan from start to finish
https://youtu.be/Vs9Z3NDnVT8
YouTube
Android Banker Deep Dive (Part 1)
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan from start to finish.
These extensive "Deep Dive" segments concentrate on dissecting malware specimens and delving into the individual approaches employed to fully reverse them.…
These extensive "Deep Dive" segments concentrate on dissecting malware specimens and delving into the individual approaches employed to fully reverse them.…
👍13🍓4👏1
Re-Exploiting Huawei Recovery With FaultyUSB
FaultyUSB: exploiting a TOCTOU race condition bug in recovery to get root on Huawei devices by emulating a malicious USB flash drive
https://labs.taszk.io/articles/post/reunzip/
FaultyUSB: exploiting a TOCTOU race condition bug in recovery to get root on Huawei devices by emulating a malicious USB flash drive
https://labs.taszk.io/articles/post/reunzip/
labs.taszk.io
[BugTales] REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB
Huawei Recovery Update Zip ToC-ToU Vulnerability
🔥11👍3
[new version] OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://github.com/OWASP/igoat-swift
https://github.com/OWASP/igoat-swift
GitHub
GitHub - OWASP/iGoat-Swift: OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS - OWASP/iGoat-Swift
👍12
Resource for Android static analysis and vulnerability assessment
Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications
https://github.com/krizzsk/HackersCave4StaticAndroidSec
Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications
https://github.com/krizzsk/HackersCave4StaticAndroidSec
GitHub
GitHub - krizzsk/HackersCave4StaticAndroidSec: A comprehensive resource for Android static analysis and vulnerability assessment.…
A comprehensive resource for Android static analysis and vulnerability assessment. Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications. -...
👍13👎1
Awesome ADB
Probably the most detailed ADB documentation with examples I have ever seen
https://github.com/mzlogin/awesome-adb/blob/master/README.en.md
Probably the most detailed ADB documentation with examples I have ever seen
https://github.com/mzlogin/awesome-adb/blob/master/README.en.md
GitHub
awesome-adb/README.en.md at master · mzlogin/awesome-adb
ADB Usage Complete / ADB 用法大全. Contribute to mzlogin/awesome-adb development by creating an account on GitHub.
👍20🔥8❤4
Android backdoor targets journalist in South Korea through APT phishing campaign
https://interlab.or.kr/archives/2567
https://interlab.or.kr/archives/2567
interlab.or.kr
Interlab 인터랩 | Cyber Threat Report: RambleOn Android Malware
Interlab is a non-profit organization based in Seoul with mission to create resilient digital safety net for freedom of citizens, providing free digital security consultations, trainings, incident response support and research of cyber threat toward civic…
👍9❤2
FaceStealers, Fleeceware and Adware discovered on Google Play posing as AI art apps
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-rise-and-risks-of-ai-art-apps/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-rise-and-risks-of-ai-art-apps/
McAfee Blog
The Rise and Risks of AI Art Apps | McAfee Blog
Authored by Fernando Ruiz The popularity of AI-based mobile applications that can create artistic images based on pictures, such as the “Magic Avatars”
👍15❤1
Flipper Zero Controlling Traffic Lights
https://youtu.be/TrVLmTLHgew
https://youtu.be/TrVLmTLHgew
YouTube
Flipper Zero Controlling Traffic Lights
Flipper Zero using its onboard Signal Generator and interfaced through the GPIO's with a high power Infrared LED array can imitate a 3M OptiCom transmitter. This system is known as Traffic Signal Preemption and can cause the traffic light controller to give…
👍30🔥5❤1
OyeTalk - Live Voice Chat Room app with 5M+ installs leaked private user conversations
It stored unencrypted user chats, names and IMEI numbers on a database unguarded by a password
https://cybernews.com/security/android-voice-chat-app-leaked-private-user-conversations/
It stored unencrypted user chats, names and IMEI numbers on a database unguarded by a password
https://cybernews.com/security/android-voice-chat-app-leaked-private-user-conversations/
Cybernews
Android voice chat app leaked private user conversations
A popular app for voice chats, OyeTalk, stored unencrypted user chats on a database unguarded by a password.
👍15🥰2
Vulnerabilities in NSPredicate were discovered in macOS 13.2 and iOS 16.3 (CVE-2023-23530, CVE-2023-23531)
App can achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
App can achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Trellix
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape…
👍7🔥1
Hardening Firmware Across the Android Ecosystem
https://security.googleblog.com/2023/02/hardening-firmware-across-android.html
https://security.googleblog.com/2023/02/hardening-firmware-across-android.html
Google Online Security Blog
Hardening Firmware Across the Android Ecosystem
Posted by Roger Piqueras Jover, Ivan Lozano, Sudhi Herle, and Stephan Somogyi, Android Team A modern Android powered smartphone is a comp...
👍7🔥2🥰1
Android Banker Deep Dive Analysis - Part 2
https://youtu.be/cGxQ3WIv9nI
https://youtu.be/cGxQ3WIv9nI
YouTube
Android Banker Deep Dive (Part 2)
Part 2 of our Banker Deep Dive. We continue our analysis of the JSON objects and recognize indicators of packing. We then try to use the Medusa framework to unpack.
---
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan from…
---
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan from…
👍8👏7🍓2❤1