#apple

SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data

Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps.

1 day ago

HackRead

Open in Source

#web #ios #android #mac #apple #google #git

Scammers Use Inferno Drainer to Steal $43K from CoinMarketCap Users

Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end.

3 days ago

HackRead

Open in Source

#vulnerability #web #apple #git #intel #auth

GHSA-vrw8-fxc6-2r93: chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes

### Summary The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. ### Details The RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/v5.2.1/middleware/strip.go#L55 The Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware ### PoC Create a simple server which uses the RedirectSlashes middleware ``` package main import ( "fmt" "net/http" "github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5/middleware" // Import the middleware package ) func main() { // Create a new Chi router r := chi.NewRouter() // Use the built-in RedirectSlashes middleware r.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes // Define a route handler r.Get("/", func(w http.ResponseWriter, r *http.Request) { // A simple response w.Write([]byte("Hello, World!")) }) ...

5 days ago

ghsa

Open in Source

#vulnerability #mac #apple #git

Scammers Insert Fake Support Numbers on Real Apple, Netflix, PayPal Pages

Cybercriminals are injecting fake support phone numbers onto official sites like Bank of America and Netflix. Learn how 'search parameter injection' scams work and protect yourself now.

6 days ago

HackRead

Open in Source

#web #apple #google #microsoft #git #auth

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.

6 days ago

Malwarebytes

Open in Source

#apple #google #git #intel #auth

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a

6 days ago

The Hacker News

Open in Source

#web #mac #apple #backdoor #The Hacker News

Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number

Scammers are abusing sponsored search results, displaying their scammy phone number on legitimate brand websites.

8 days ago

Malwarebytes

Open in Source

#vulnerability #web #apple #google #microsoft #git #auth

Reddit’s new AI-powered tools scan your posts to serve you better ads

Reddit has announced more AI-powered tools to help advertisers. But do users care for it?