#android

Zoho Web mail version NA is affected by an incorrect access control vulnerability. Before a domain expires one needs to configure with Zoho web mail to send mails. Upon domain expiry, the person would still be able to send mail with that account, despite losing ownership of domain.

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.

Another Patch Tuesday has come around, and while it may seem as a calm one for a change, there is enough to patch and update. Categories: Exploits and vulnerabilities Tags: 3d viewer adobe Android Cisco citrix excel exchange server Intel microsoft Microsoft Defender patch tuesday rdp sap siemens vmware *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/patch-now-microsoft-plugs-actively-exploited-zero-days-and-other-updates/ ) )* The post Patch now! Microsoft plugs actively exploited zero-days and other updates appeared first on Malwarebytes Labs.

PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.

An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices. "With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium

JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.

Is your Android phone running slowly or displaying unwanted ads often? Learn how to scan and clean adware from your Android device. Categories: How-tos *( Read more... ( https://blog.malwarebytes.com/101/how-tos/2021/11/how-to-remove-adware-on-an-android-phone/ ) )* The post How to remove adware on an Android phone appeared first on Malwarebytes Labs.

A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution.

A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution.