Skip to content

Gotham Security Daily Threat Alerts

by on August 25, 2014

August 22, Softpedia – (International) Credentials can be stolen in UI state inference attack. Researchers presenting at the USENIX Security Symposium published a paper outlining a new form of attack called a user interface (UI) inference attack that can steal Android users’ credentials by conducting a side-channel attack relying on a common shared-memory mechanism used by window managers. The attack uses a malicious app that does not require permissions and the researchers believe that the same vulnerability likely exists in other operating systems such as iOS, Windows, and OSX. Source: http://news.softpedia.com/news/Credentials-Can-Be-Stolen-In-UI-State-Inference-Attack-456028.shtml

August 22, Securityweek – (International) Vulnerability found in Google Wallet, Alipay payment SDKs. Researchers with Trend Micro identified and reported a security vulnerability in the in-app payment SDKs for Google Wallet and Alibaba Alipay in Android that can be exploited by attackers using intent-filters to display phishing messages and obtain user credentials. Alibaba and Google both released updates to their apps after being informed by the researchers May 27. Source: http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks

August 22, Softpedia – (International) Vulnerability in Akeeba Backup for Joomla went undetected for years. Sucuri researchers found a vulnerability in the Akeeba Backup extension for Joomla that has existed for years and could allow a skilled attacker to access backup files created with Akeeba and download them. The researchers stated that the security risk presented by the vulnerability was low due to the difficulty in exploiting it, and the newest version of Akeeba is no longer vulnerable. Source: http://news.softpedia.com/news/Vulnerability-in-Akeeba-Backup-for-Joomla-Went-Undetected-for-Years-455961.shtml

 

From → Security

Comments are closed.

%d bloggers like this: