Researcher discloses iPhone lock screen bypass on iOS 15 launch day
https://therecord.media/researcher-discloses-iphone-lock-screen-bypass-on-ios-15-launch-day/
https://therecord.media/researcher-discloses-iphone-lock-screen-bypass-on-ios-15-launch-day/
The Record
Researcher discloses iPhone lock screen bypass on iOS 15 launch day
On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes.
Burp Suite Mobile Assistant for testing iOS apps with Burp Suite
https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing
https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing
portswigger.net
Mobile testing - PortSwigger
You can use Burp Suite to perform security tests for mobile applications. To do this, you need to configure the mobile device to proxy its traffic via Burp ...
A Stalkerware Firm Is Leaking Real-Time Screenshots of People's Phones Online
https://www.vice.com/en/article/m7ezj8/stalkerware-leaking-phone-screenshots-pctattletale
https://www.vice.com/en/article/m7ezj8/stalkerware-leaking-phone-screenshots-pctattletale
VICE
A Stalkerware Firm Is Leaking Real-Time Screenshots of People's Phones Online
pcTattleTale, which markets itself for monitoring spouses without their consent, lets anyone view screenshots of infected devices by just visiting specific URLs.
TangleBot aka Medusa: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures
https://www.cloudmark.com/en/blog/mobile/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19
https://www.cloudmark.com/en/blog/mobile/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19
Cloudmark
TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures | Cloudmark EN
Key Takeaways
A clever and complicated new SMS malware attack has been discovered in the United States and Canada.
This malware, coined TangleBot, can directly obtainpersonal information, control device interaction with apps and overlay screens, and steal account…
A clever and complicated new SMS malware attack has been discovered in the United States and Canada.
This malware, coined TangleBot, can directly obtainpersonal information, control device interaction with apps and overlay screens, and steal account…
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program
https://habr.com/ru/post/579714/
https://habr.com/ru/post/579714/
ERMAC - another Android banking trojan based on Cerberus leaked code
https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
ThreatFabric
ERMAC - another Cerberus reborn
A new Android trojan, named ERMAC, was advertised on hacking forums by the BlackRock actor, ERMAC is based on Cerberus
Waydroid - a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu
https://github.com/waydroid/waydroid
https://github.com/waydroid/waydroid
GitHub
GitHub - waydroid/waydroid: Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system…
Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu. - waydroid/waydroid
Assessing the Effectiveness of the Shared Responsibility Model for Cloud Databases: the Case of Google’s Firebase
https://drive.google.com/file/d/1QkuRusjw82pQVJOJXiosYMe-x742SR-M/view
https://drive.google.com/file/d/1QkuRusjw82pQVJOJXiosYMe-x742SR-M/view
In iOS 15, the iPhone is findable even when “Powered off”
https://twitter.com/craiu/status/1442412803546099713
https://twitter.com/craiu/status/1442412803546099713
Twitter
Costin Raiu
In iOS 15, the phone is findable even when “Powered off”.
😁1
How malware gets into the App Store and why Apple can't stop that
https://habr.com/ru/post/580272/
https://habr.com/ru/post/580272/
PixStealer: a new wave of Android banking Trojans abusing Accessibility Services
https://research.checkpoint.com/2021/pixstealer-a-new-wave-of-android-banking-trojans-abusing-accessibility-services/
https://research.checkpoint.com/2021/pixstealer-a-new-wave-of-android-banking-trojans-abusing-accessibility-services/
Check Point Research
PixStealer: a new wave of Android banking Trojans abusing Accessibility Services - Check Point Research
Research by: Israel Wernik, Bohdan Melnykov Introduction By limiting physical interactions, the COVID-19 pandemic significantly accelerated the digitization of the banking industry to fulfill customer needs. To cope with the demand, improve access and awareness…
👍1
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
Apple Pay flaw risks letting hackers drain money from locked iPhones
Video demo: https://youtu.be/jznZNEslVik
Article: https://news.sky.com/story/apple-pay-users-should-not-use-visa-as-transport-payment-card-security-experts-warn-12421336
Video demo: https://youtu.be/jznZNEslVik
Article: https://news.sky.com/story/apple-pay-users-should-not-use-visa-as-transport-payment-card-security-experts-warn-12421336
YouTube
Flaw in Apple Pay allows hackers to drain credit cards while phone is locked
An Apple Pay flaw has been exposed that allows hackers to drain credit cards without a phone being unlocked
The Apple Pay lock screen can be bypassed for any iPhone with a Visa card set up in transit mode.
The contactless limit can also be bypassed.
It’s…
The Apple Pay lock screen can be bypassed for any iPhone with a Visa card set up in transit mode.
The contactless limit can also be bypassed.
It’s…
👍1
Text message scam infecting Android phones with FluBot
https://www.cert.govt.nz/individuals/news-and-events/parcel-delivery-text-message-infecting-android-phones/
https://www.cert.govt.nz/individuals/news-and-events/parcel-delivery-text-message-infecting-android-phones/
Bug found in Android Telegram: Messages that should be auto-deleted from participants in private and private group chats were only 'deleted' visually [in the messaging window], but in reality, picture messages remained on the device in the cache (CVE-2021-41861) https://arstechnica.com/information-technology/2021/10/researcher-refuses-telegrams-bounty-award-discloses-auto-delete-bug/
Ars Technica
Researcher refuses Telegram’s bounty award, discloses auto-delete bug
Telegram took months to fix “self-destruct” message bug. Then requested silence.
Waydro - Android on Linux (boot a full Android system on a regular GNU/Linux system like Ubuntu)
https://waydro.id/
https://waydro.id/
Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps
https://arxiv.org/abs/2109.13722
https://arxiv.org/abs/2109.13722
Togo: Prominent activist targeted with Indian-made Android spyware linked to Donot Team hacker group (APT-C-35)
Article: https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/
Full report: https://www.amnesty.org/en/documents/afr57/4756/2021/en/
Article: https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/
Full report: https://www.amnesty.org/en/documents/afr57/4756/2021/en/
Amnesty International
Togo: Prominent activist targeted with Indian-made spyware linked to notorious hacker group
New research reveals activists in Togo risk being targeted by shadowy cyber-mercenaries who use covert digital attacks to steal victims’ private information