With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money.
The troublesome part is that Adware is now becoming trojanized and more sophisticated, as it aggressively collects personal data from the mobile device it’s installed on
Kaspersky Lab, a global cybersecurity company, today announced the winners of its Kaspersky Academy Talent Lab, an international competition for university students and young professionals aged 18-30.
Joomla Simple Membership component version 3.3.3 suffers from a remote SQL injection vulnerability.
Posted by Roee Hay on Mar 14
Title:
Attacking Nexus 9 with Malicious Headphones
Identifier:
CVE-2017-0510
Severity:
Critical
Product:
Google Nexus 9
Vulnerable Version:
Android 7.1.1 N4F26Q and below
Mitigation:
Upgrade to build N4F26T (March 2017 Security patches).
Technical Details:
Nexus 9 (running build N4F26Q and below) allows unauthorized access to the FIQ debugger via its headphones jack, which
has the following impact:
1. It enables sensitive information…
Posted by x ksi on Mar 14
Hey list. It’s possible to spoof an URL in mobile versions (Android)
of the UC browser [1][2] via <title> HTML tags. The newest version
from gplay (11.2.5.932) and the Meizu [3][4] branded default browser
(6.1.301) are affected. And the shocking poc would be:
Posted by hyp3rlinx on Mar 14
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-
PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt
[+] ISR: ApparitionSec
Vendor:
=====================
mobaxterm.mobatek.net
Product:
===============================
MobaXterm Personal Edition v9.4
Enhanced terminal for Windows with X11 server, tabbed SSH client, network
tools and much more.
Vulnerability…
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website.
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker could exploit this vulnerability by running a specially crafted application.
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website.
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application.