
Tag

#android

CVE-2022-37857: Two minor Security Issues · Issue #187 · bilde2910/Hauk

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default.

CVE-2022-37163: CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper, making it much easier for tools like hashcat to crack the hashes.

CVE-2022-38399: SmaCam (CS-QR10) | PLANEX

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection.

Iran-Linked APT Cozies Up to 'Enemies' in Trust-Based Spy Game

APT42 is posing as a friend to people considered threats to the government, using a raft of different tools to steal relevant info and perform surveillance.

How to set up an Android for your kids

Last week, we discussed setting up an iPhone for your child. In this post, we've done the same for Android. The post How to set up an Android for your kids appeared first on Malwarebytes Labs.

CVE-2022-26448: September 2022

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07063849; Issue ID: ALPS07063849.

CVE-2022-2945

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.

Malicious Security App on Play Store Caught Dropping SharkBot Malware

By Deeba Ahmed. SharkBot malware is known for spreading itself through fake security solution apps on Google Play Store. This is a post from HackRead.com.

Researchers Find New Android Spyware Campaign Targeting Uyghur Community

A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the

A week in security (August 29 - September 4)

The most important and interesting computer security stories from the last week. The post A week in security (August 29 - September 4) appeared first on Malwarebytes Labs.