A nice post on Unicode related Github vulnerability. This thing allowed an attacker to receive a reset password link for a Github account. That’s kinda fun!
#cybersec #unicode #vulnerability
#cybersec #unicode #vulnerability
A great post about RCE vulnerability in MX Player. The funny part is the RCE was gained because of some Facebook SDK.
#cybersec #vulnerability #facebook
#cybersec #vulnerability #facebook
Medium
Android MX Player — Path Traversal to Code Execution
MX Player is an Android App that you can find on the Google Play Store, having over 500M downloads.
Well, this is huge! A number of severe vulnerabilities were discovered in apps pre-installed on Samsung devices. Possibilities are endless: from spying and reading any file to full control over the system.
#cybersec #samsung #vulnerability
#cybersec #samsung #vulnerability
News, Techniques & Guides
Two weeks of securing Samsung devices: Part 1
After spending two weeks looking for security bugs in the pre-installed apps on Samsung devices, we were able to find multiple dangerous vulnerabilities.
Amazing Kaspersky Password Manager vulnerability: for the standard preset it was generating the same exact password for every user each second.
#cybersec #vulnerability
#cybersec #vulnerability
Ledger
Kaspersky Password Manager: All your passwords belong to us | Ledger
The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be…
A fascinating story about a Bumble app vulnerability that allowed to retrieve real location of users.
#vulnerability #cybersec #location
#vulnerability #cybersec #location
Robert Heaton
Vulnerability in Bumble dating app reveals any user's exact location | Robert Heaton
The vulnerability in this post is real. The story and characters are obviously not.
Epic fuckup: ads network was installing apps directly to users' devices using certain system-level apps, even when the users tried to close the ad banner. Highly recommend to check the post and the comments.
#vulnerability #cybersec #ads
#vulnerability #cybersec #ads
Reddit
From the androiddev community on Reddit: Ads are now able to bypass Google Play to install apps WITHOUT user consent. Digital Turbine…
Explore this post and more from the androiddev community
In Vietnam COVID pass system used weak cryptography, which allowed researchers to get private key (and ability to generate valid QR codes) using several AWS instances, 9 hours and $250. Factoring as a Service indeed.
#cybersec #vulnerability
#cybersec #vulnerability
Fascinating story!
A researcher has found a way to bypass lockscreen on Pixel devices by entering SIM's PUK code.
#vulnerability #cybersec #google
A researcher has found a way to bypass lockscreen on Pixel devices by entering SIM's PUK code.
#vulnerability #cybersec #google
bugs.xdavidhu.me
Accidental $70k Google Pixel Lock Screen Bypass
David Schütz's bug bounty writeups
Google reports that with each year there are less and less severe and memory safety vulnerabilities in Android, and rather unequivocally nods in Rust direction.
#cybersec #vulnerability #rust
#cybersec #vulnerability #rust
Google Online Security Blog
Memory Safe Languages in Android 13
Posted by Jeff Vander Stoep For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulnerab...
There's this vulnerability in macOS that allows to rather accurately get first name of a user. In this post you'll find an explanation and a live demo to try it yourself.
#cybersec #vulnerability #macos
#cybersec #vulnerability #macos
More exciting news from JS world: it turns out that NPM registry doesn't validate package manifest against its content.
#js #cybersec #vulnerability
#js #cybersec #vulnerability