Facebook Messenger for Android indirect thread deletion vulnerability
https://servicenger.com/blog/mobile/android/facebook-messenger-for-android-indirect-thread-deletion/
https://servicenger.com/blog/mobile/android/facebook-messenger-for-android-indirect-thread-deletion/
FlyTrap Android Malware Compromises Thousands of Facebook Accounts
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
Bahamut Threat Group Targeting Users Through Phishing Campaign https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
Cyble
Cyble - Bahamut Threat Group Targeting Users Through Phishing Campaign
A phishing campaign from a Twitter post. The Threat Actor (TA) hosts malicious Android APK files on a counterfeit version of Jamaat websites.
Solving CTF with Frida - Part 5 https://cmrodriguez.me/blog/hpandro-5/
cmrodriguez.me
Cesar Rodriguez | Personal blog
frida ctf challenge root detection
Android security guides, roadmap, docs, courses, write-ups, and teryaagh https://github.com/Ralireza/Android-Security-Teryaagh
GitHub
GitHub - Ralireza/Android-Security-Teryaagh: Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
Android security guides, roadmap, docs, courses, write-ups, and teryaagh. - GitHub - Ralireza/Android-Security-Teryaagh: Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
The second part of discovered vulnerabilities in pre-installed apps on Samsung devices
https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/
https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/
News, Techniques & Guides
Two weeks of securing Samsung devices: Part 2
As mentioned in the [first part](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/) of this series,Oversecured spent two weeks finding security bugs in Samsung’s built-in apps.
Reversing ActionSpy Android Malware https://0x00sec.org/t/reversing-actionspy-android-malware/26537
Analysis of Huawei’s OTA Fix For BootROM Vulnerabilities https://labs.taszk.io/articles/post/huawei_kirin990_bootrom_patch/
labs.taszk.io
Test Point Break: Analysis of Huawei’s OTA Fix For BootROM Vulnerabilities
Reverse engineering the OTA that broke the bootrom exploits
Accept Facebook friend requests without unlocking your Android [Unpatched] https://seclists.org/fulldisclosure/2021/Aug/10
seclists.org
Full Disclosure: Accept Facebook friend requests without unlocking your Android
[Unpatched]
[Unpatched]
Common mistakes when using permissions in Android
https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/
https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/
News, Techniques & Guides
Common mistakes when using permissions in Android
When an Android app needs access to sensitive resources on the device, the app developers make use of the permissions model. While the model can be quite simple to use, developers often make mistakes when using permissions and this leads to security problems.
Triada Trojan in WhatsApp mod
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Securelist
Triada Trojan in WhatsApp mod
We discovered that the Trojan Triada snook into one of modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 together with the advertising software development kit (SDK).
From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
The Citizen Lab
From Pearl to Pegasus
We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. The hacked activists included three members of Waad (a secular Bahraini political society), three members of…
Solving Android CTF with Frida - Part 6
https://cmrodriguez.me/blog/hpandro-6/
https://cmrodriguez.me/blog/hpandro-6/
cmrodriguez.me
Cesar Rodriguez | Personal blog
frida ctf challenge emulator detection
Hacking Xiaomi's android apps - Part 1
http://blog.takemyhand.xyz/2021/07/hacking-on-xiaomis-android-apps.html
http://blog.takemyhand.xyz/2021/07/hacking-on-xiaomis-android-apps.html
👍2
hpAndro Vulnerable Application Challenges
part 1 - https://nibarius.github.io/learning-frida/2021/08/26/hpandro-part1
part 2 - https://nibarius.github.io/learning-frida/2021/08/28/hpandro-part2
part 3 - https://nibarius.github.io/learning-frida/2021/08/29/hpandro-hidden-levels
part 1 - https://nibarius.github.io/learning-frida/2021/08/26/hpandro-part1
part 2 - https://nibarius.github.io/learning-frida/2021/08/28/hpandro-part2
part 3 - https://nibarius.github.io/learning-frida/2021/08/29/hpandro-hidden-levels
Learning Frida
hpAndro Vulnerable Application Challenges - part 1
hpAndro Vulnerable Application is an Android CTF with a lot of challenges (100 at the time of writing) and new challenges are added every now and then. The challenges are based on the OWASP Mobile Security Testing Guide and there are many different types…
Internal of the Android kernel backdoor vulnerability CVE-2021-28663
http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=https%3A%2F%2Fvul.360.net%2Farchives%2F263
http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=https%3A%2F%2Fvul.360.net%2Farchives%2F263
Anubis Android Malware Analysis
https://0x1c3n.tech/anubis-android-malware-analysis
https://0x1c3n.tech/anubis-android-malware-analysis
iOS Pentesting 101
https://cobalt.io/blog/ios-pentesting-101
https://cobalt.io/blog/ios-pentesting-101
www.cobalt.io
iOS Pentesting 101
Learn essential techniques for iOS application security testing, exploring architecture, jailbreaking, SSL pinning, and more in this comprehensive pentesting guide.
Summary:
The blog provides a comprehensive guide to iOS application security testing, covering…
Summary:
The blog provides a comprehensive guide to iOS application security testing, covering…
FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data
https://thehackernews.com/2021/09/ftc-bans-stalkerware-app-spyfone-orders.html
https://thehackernews.com/2021/09/ftc-bans-stalkerware-app-spyfone-orders.html