In this write-up we will show you how the Seekurity team was able to harvest all users’ private/custom activities, leaving more than 20 million private custom activities in danger.
First of all, this write-up is not new: the discovery itself dates back to 2017, but we decided to disclose it now, after giving Fitbit a reasonable amount of time to patch the vulnerability and protect its users’ health data!
Continue reading “Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!”
Today’s discovery is not a big deal either, just another clickjacking issue, but this time in the “OPT-IN” feature newly added by Coinhive and AuthedMine. First, let’s define some terms before we begin.
What is Coinhive?
Continue reading “CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!”