Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

By Deeba Ahmed Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined. This is a post from HackRead.com Read the original post: Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

HackRead
Open in Source
#web#ios#android#apple#google#amazon#git#alibaba#chrome
CVE-2023-49298: dnode_is_dirty: check dnode and its data for dirtiness by robn · Pull Request #15571 · openzfs/zfs

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.

Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a

Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users

By Deeba Ahmed Telekopye Toolkit was previously identified in August 2023 as being leveraged for a phishing scam by Russian cybercriminals. This is a post from HackRead.com Read the original post: Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users

CVE-2022-44011: Fast Open-Source OLAP DBMS - ClickHouse

An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

Malwarebytes consumer product roundup: The latest

Here are the innovations we’ve made in our products recently. Are you making the most of them?

CVE-2023-47392: Mercedes me IOS APP has the vulnerability of exceeding the authority to add shopping cart orders and query shopping cart contents

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

CVE-2023-47393: Mercedes-benz can download repair orders and contract orders at will

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.