This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
12/14/2020
Starbucks Mobile Platform Vulnerability Could Lead To Remote Code Execution
The Latest Hacking News
Starbucks has recently addressed a critical vulnerability affecting its mobile platform. The bug, upon exploitation, could severely threaten the platform security as it allowed code execution attacks.
Starbucks Mobile Platform Vulnerability A security researcher Kamil “ko2sec” Onur Özkaleli discovered a critical security vulnerability in the Starbucks mobile platform. In brief, the bug affected the Singapore domain of the coffee giant. Exploiting this bug could allow an adversary to execute codes via remote access on the target platform. Specifically, the vulnerability resided in the file upload feature on the domain mobile.starbucks.com.sg. This feature generally allows uploading image files. However, it lacked a check on the type of file uploads. Hence, it became possible for an attacker to upload malicious files to the domain and execute malicious codes.
Attribution link: https://latesthackingnews.com/2020/12/12/starbucks-mobile-platform-vulnerability-could-lead-to-remote-code-execution/
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information