🟠 Concrete CMS, Stored Cross-site Scripting, #CVE-2024-4353 (Medium)

https://dailycve.com/concrete-cms-stored-cross-site-scripting-cve-2024-4353-medium/

@Daily_CVE

🟠 Concrete CMS, Stored XSS, #CVE-2024-3180 (Medium)

https://dailycve.com/concrete-cms-stored-xss-cve-2024-3180-medium/

@Daily_CVE

🟠 Mattermost Data Amplification Vulnerability (Moderate)

https://dailycve.com/mattermost-data-amplification-vulnerability-moderate/

@Daily_CVE

🛒 #Tesla Surges in South Korea's EV Market, Poised to Break Sales Record

https://undercodenews.com/tesla-surges-in-south-koreas-ev-market-poised-to-break-sales-record/

@Undercode_News

🔴 Cosmos SDK: Transaction Decoding Vulnerabilities (ASA-2024-0012 & ASA-2024-0013) - High Severity

https://dailycve.com/cosmos-sdk-transaction-decoding-vulnerabilities-asa-2024-0012-asa-2024-0013-high-severity/

@Daily_CVE

🤖 #iOS 183 Beta Brings HomeKit Support for Robot Vacuums

https://undercodenews.com/ios-183-beta-brings-homekit-support-for-robot-vacuums/

@Undercode_News

🦑ANDROID PIN CRACKING - Live Video Demonstration

This document presents a functional Proof-of-Concept (PoC) for a novel attack vector targeting #Android #smartphones running the latest Android version and #security patches. This attack has been successfully validated on over 20 popular brands, including Google Pixel and OnePlus devices. The PoC demonstrates the ability to compromise both standard 4-digit and 6-digit PINs, as well as pattern locks and PINs required for device boot-up.

1️⃣The attack leverages a physical Rubber Ducky device, which exploits the Human Interface Device (HID) protocol to emulate keyboard input. By employing a brute-force approach, the device systematically attempts PIN combinations from 0000 to 9999, saving the correct PIN upon successful authentication. To mitigate detection mechanisms, the attack is designed to halt after five unsuccessful attempts and a 30-minute timeout. Furthermore, the device's configuration and scripting capabilities can be tailored to specific target devices.

> Beyond PIN cracking, the #RubberDucky can be programmed to enable USB debugging, opening the door to a wider range of potential attacks. This includes reverse shell connections, binding shell sessions, and camera exploitation, ultimately exposing the device to data leakage and other security risks.

⚛Here is a working Proof of concept of the latest attack discovered by me that exploits Android Smartphones working on the latest version of Android and the latest security patches that can break Android PIN (4-digit PIN and 6-digit PIN) tested on 20 brands including the Google Pixel series and OnePlus devices. The demonstration can crack PIN patterns and also the PIN that is required before the device is turned on. The device is a rubber ducky that uses an HID exploit that can work like a keyboard and use brute force attack i.e. trying PIN from 0000 to 9999 and also saving the PIN once unlocked. The device is configured to work with a timeout of 30 minutes after 5 attempts and the scripts can be configured based on the device we are working on. It can store 5MB of Python Script which is executed after the Arduino firmware is complete. It works on ATMega chipset and allows the user to also enable USB debugging which can further enable other attacks like reverse shell and binding connections exposing users to Camera exploits and even data leaks.

Ref: Priyank Gada
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Microsoft's #Copilot Key: A Hasty Decision with Unintended Consequences

https://undercodenews.com/microsofts-copilot-key-a-hasty-decision-with-unintended-consequences/

@Undercode_News

8 Ways to Use #Google Home for a Cozy, Festive Holiday

https://undercodenews.com/8-ways-to-use-google-home-for-a-cozy-festive-holiday/

@Undercode_News

⚡️ Threads Takes a Cue from Bluesky: New Curated Collections Feature

https://undercodenews.com/threads-takes-a-cue-from-bluesky-new-curated-collections-feature/

@Undercode_News

Zomato Faces Leadership Shakeup as CFO Resigns

https://undercodenews.com/zomato-faces-leadership-shakeup-as-cfo-resigns/

@Undercode_News

📚 The Education Industry: A Target for Cybercriminals

https://undercodenews.com/the-education-industry-a-target-for-cybercriminals/

@Undercode_News

📱 Lost Luggage? #Apple AirTag Users Can Now Share Location with Airlines

https://undercodenews.com/lost-luggage-apple-airtag-users-can-now-share-location-with-airlines/

@Undercode_News

🛡️ Informative Secure Your Family's #Digital Future with pCloud's Holiday Deals

https://undercodenews.com/informative-secure-your-familys-digital-future-with-pclouds-holiday-deals/

@Undercode_News

🔵 with Analysis

https://dailycve.com/with-analysis/

@DailyCVE

🟠 OpenHarmony Insecure Storage Vulnerability (#CVE-2024-21826) - Medium

https://dailycve.com/openharmony-insecure-storage-vulnerability-cve-2024-21826-medium/

@Daily_CVE

Lamborghini Shifts Gears: Electric Supercar Delayed Until 2029

https://undercodenews.com/lamborghini-shifts-gears-electric-supercar-delayed-until-2029/

@Undercode_News

🔴 #Android, Privilege Escalation, #CVE-2024-0046 (Critical)

https://dailycve.com/android-privilege-escalation-cve-2024-0046-critical/

@Daily_CVE

#Instagram’s Year-End Feature: A Nostalgic Recap

https://undercodenews.com/instagrams-year-end-feature-a-nostalgic-recap/

@Undercode_News