Security
Headlines
HeadlinesLatestCVEs

Tag

#android

WhatsApp spam offers up “B&Q Father’s Day Contest 2022”

We take a look at a scam barbeque quiz that asks "winners" to send a lot of WhatsApp messages to qualify. The post WhatsApp spam offers up “B&Q Father’s Day Contest 2022” appeared first on Malwarebytes Labs.

Malwarebytes
#web#android#sap
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer

Kik Messenger XMPP Stanza Smuggling

There is a vulnerability in Kik Messenger for Android that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Kik client, including XMPP stanzas that are normally sent only by the Kik server. Included is a proof of concept that demonstrates sending of the stc stanza which triggers a captcha dialog and opens an arbitrary attacker-control webpage on the victim client. However, the full impact is likely larger than this, and includes any application features accessible over XMPP.

Feds Forced Travel Firms to Share Surveillance Data on Hacker

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information.  Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before

Why AIs Will Become Hackers

At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems — and what that will mean for us.

CVE-2021-40668

The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.

Coffee app in hot water for constant tracking of user location

A Tim Hortons app has been flagged for managing to violate Canada's privacy laws. We offer some advice to avoid becoming tangled in app woes. The post Coffee app in hot water for constant tracking of user location appeared first on Malwarebytes Labs.

FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People

An illicit online marketplace known as SSNDOB was taken down in operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue. The action

CVE-2020-36533: Knapp daneben ist auch vorbei

A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely.