Explore >> Select a destination

You are here

 embracethered.com
Hacking Google Bard - From Prompt Injection to Data Exfiltration ยท Embrace The Red
| | rtx.meta.security
Bypassing the "run-as" debuggability check on Android via newline injection | Meta Red Team X
12.3 parsecs away

Travel
| | An attacker with ADB access to an Android device can trick the "run-as" tool into believing any app is debuggable. By doing so, they can read and write private data and invoke system APIs as if they were most apps on the system-including many privileged apps, but not ones that run as the system user. Furthermore, they can achieve persistent code execution as Google Mobile Services (GMS) or as apps that use its SDKs by altering executable code that GMS caches in its data directory.
| | swordbytes.com
Overwolf 1-Click Remote Code Execution - CVE-2021-33501
8.1 parsecs away

Travel
| | SwordBytes researchers have identified an Unauthenticated Remote Code Execution (RCE) vulnerability in Overwolf's Client Application by abusing a Reflected Cross-Site Scripting (XSS) issue present in the "overwolfstore://" URL handler. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the underlying operating system that hosts Overwolf's Client Application.
| | palant.info
McAfee WebAdvisor: From XSS in a sandboxed browser extension to administrator privileges | Almost Secure
12.4 parsecs away

Travel
| | A vulnerability in McAfee WebAdvisor allowed any website to gain administrator privileges. User interaction required: two clicks anywhere on the page.
| | www.syntaxbearror.io
Bear Security - Security News for the Week of July 5th, 2021 | Syntax Bearror
32.4 parsecs away

Travel
| Supply Chain Attack on MSPs leave thousands with ransomware, Print Spooler woes continue with Windows, and more on this week's episode of Bear Security.