Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2022-45634: Username Disclosure Vulnerability in DBD+ Application Used by Megafeis Smart Locks

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information

CVE
Open in Source
#vulnerability#ios#android#git#auth
Google Pixel: Cropped or edited images can be recovered

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Pixel Tags: Markup Tags: CVE-2023-21036 Tags: recover Tags: PNG Tags: truncated A vulnerability in the Markup tool that comes pre-installed on Pixel phones allows anyone with access to the edited image to view parts of the original. (Read more...) The post Google Pixel: Cropped or edited images can be recovered appeared first on Malwarebytes Labs.

CVE-2023-28725: Changelog | GENERAL BYTES

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

CVE-2022-45636: Insecure Authorization Scheme for API Requests in DBD+ Mobile Companion Application for Megafeis Smart Locks

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

CVE-2022-45637: megafeis-palm/CVE-2022-45637 at main · WithSecureLabs/megafeis-palm

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.

CVE-2022-45635: megafeis-palm/CVE-2022-45635 at main · WithSecureLabs/megafeis-palm

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.

Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

Users of affected devices that want to mitigate risk from the security issues in the Exynos chipsets can turn off Wi-Fi and Voice-over-LTE settings, researchers from Google's Project Zero say.

Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles

Categories: News Tags: android Tags: google Tags: samsung Tags: chip Tags: VoLTE Tags: modem Tags: chipset Tags: vulnerability Tags: pixel Tags: CVE-2023-24033 We take a look at multiple vulnerabilities highlighted by Google's Project Zero team, and what you can do to ward off the threat of attack. (Read more...) The post Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles appeared first on Malwarebytes Labs.

A week in security (March 13 - 19)

Categories: News Tags: Becky Holmes Tags: Lock and Code S04E06 Tags: ransomware Tags: WhatsApp Tags: AI chatbot Tags: investment fraud Tags: Clop Tags: Microsoft zero-day Tags: Microsoft Tags: STALKER 2 Tags: Facebook Tags: Microsoft OneNote Tags: LockBit Tags: Rubrik The most interesting security related news from the week of March 13 to 19. (Read more...) The post A week in security (March 13 - 19) appeared first on Malwarebytes Labs.

Security News This Week: Ring Is in a Standoff With Hackers

Plus: A SpaceX supplier ransom, critical vulnerabilities in dozens of Android phones, and more.