Stalkerware seller exposed by sloppy SQL security
Briefly

A vulnerability in the stalkerware Catwatchful allowed a security researcher to steal a database containing 62,000 user accounts. Catwatchful, designed to be undetectable, had weak security on one of its servers, enabling the researcher to access plaintext login details. Despite efforts to identify the administrator and take down the software, Catwatchful remains operational with temporary sites to replace seized domains. The increase in stalkerware installations raises concerns about user privacy and security, highlighting the need for ongoing vigilance against such threats. Additionally, Google patched a critical zero-day vulnerability in Chrome's V8 engine this week.
A security researcher uncovered an SQL vulnerability in stalkerware Catwatchful, allowing him to steal a database with 62,000 user accounts, including administrator credentials.
Catwatchful, marketed as undetectable and unstoppable, performed two POST requests, one of which lacked security measures, exposing plaintext login details for its user accounts.
Stalkerware installations continue to rise even as security researchers breach such products, highlighting ongoing weaknesses that put users' privacy and security at risk.
Despite the quick action taken by Google to patch a zero-day in the V8 JavaScript engine, users are urged to remain vigilant about timely updates and security.
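The two failures described above, untrusted input reaching the SQL parser and credentials stored in plaintext, are the standard pair a defender checks for in any login backend. The following is an added example, not code from the page or from Catwatchful: a constructed in-memory SQLite account table with a string-concatenated lookup next to a parameterised one, and a password check against salted PBKDF2 hashes rather than plaintext. The table, user names and passwords are all made up for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts (not real data) used to populate the demo table.
SAMPLE_ACCOUNTS = [("alice", "correct horse"), ("admin", "hunter2")]


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: a leaked table does not yield plaintext logins.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def build_db() -> sqlite3.Connection:
    # In-memory database standing in for a server-side account store.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    for user, password in SAMPLE_ACCOUNTS:
        salt = os.urandom(16)
        conn.execute(
            "INSERT INTO accounts VALUES (?, ?, ?)",
            (user, salt, hash_password(password, salt)),
        )
    conn.commit()
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, username: str) -> list:
    # Query text is assembled from untrusted input, so the input is parsed as SQL.
    sql = "SELECT username FROM accounts WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn: sqlite3.Connection, username: str) -> list:
    # Placeholder binding: the driver passes the value as data, never as SQL text.
    rows = conn.execute(
        "SELECT username FROM accounts WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


def input_reaches_parser(conn: sqlite3.Connection, username: str) -> bool:
    # True when the concatenated query breaks on the input, i.e. the input
    # altered the statement the database parsed. A quote in a name is enough.
    try:
        vulnerable_lookup(conn, username)
    except sqlite3.Error:
        return True
    return False


def verify_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(
        "SELECT salt, pw_hash FROM accounts WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored hash against a fresh one.
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = build_db()
    print("plain lookup:", safe_lookup(db, "alice"))
    print("quote in name breaks concatenated SQL:", input_reaches_parser(db, "o'brien"))
    print("same name via placeholder:", safe_lookup(db, "o'brien"))
    print("login ok:", verify_login(db, "alice", "correct horse"))
    print("login bad:", verify_login(db, "alice", "wrong"))
```

The one-line difference between `vulnerable_lookup` and `safe_lookup` is the whole mitigation: the value is bound through a placeholder instead of spliced into the statement. Storing only a salt and a slow hash means that even a stolen table, as in the incident above, does not hand an attacker working logins.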
Read at The Register