CVE-2021-30858: Use-after-free in WebKit affecting pre-Safari 14.1.2, pre-iOS 14.8
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30858.html
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30858.html
A threat analysis of sideloading by Apple
There are 31 pages explaining why Apple will not allow sideloading apps on iOS
https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps_A_Threat_Analysis_of_Sideloading.pdf
There are 31 pages explaining why Apple will not allow sideloading apps on iOS
https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps_A_Threat_Analysis_of_Sideloading.pdf
Malware bypassing OTP-based authentication to target Indian Banking customers
https://blog.cyble.com/2021/10/13/malware-bypassing-otp-based-authentication-to-target-indian-banking-customers/
https://blog.cyble.com/2021/10/13/malware-bypassing-otp-based-authentication-to-target-indian-banking-customers/
Cyble
Cyble - Malware Bypassing OTP-based Authentication To Target Indian Banking Customers
A phishing campaign has been targeting the customers of an Indian bank using a Stealer app.
CryptoRomance fake iOS cryptocurrency apps hit US, European victims for at least $1.4 million
https://news.sophos.com/en-us/2021/10/13/cryptorom-fake-ios-cryptocurrency-apps/
https://news.sophos.com/en-us/2021/10/13/cryptorom-fake-ios-cryptocurrency-apps/
Sophos News
CryptoRom fake iOS cryptocurrency apps hit US, European victims for at least $1.4 million
Scammers combine romantic lures with crypto scams, abusing Apple’s ad-hoc app distribution to steal millions from people around the world.
Google's Threat Analysis Group (TAG) found an attempt to upload Android spyware to Google Play Store disguised as a VPN app. It was part of APT35 group.
https://blog.google/threat-analysis-group/countering-threats-iran/
https://blog.google/threat-analysis-group/countering-threats-iran/
Google
Countering threats from Iran
Google’s Threat Analysis Group tracks actors involved in disinformation campaigns, government backed hacking, and financially motivated abuse. We have a long-standing policy to send you a warning if we detect that your account is a target of government-backed…
The Challenges of Fuzzing 5G Protocols (NGAP, GTPU, PFCP, & DIAMETER)
Network fuzzers used:
- Fuzzowski
- Frizzer
- AFLNet
https://research.nccgroup.com/2021/10/11/the-challenges-of-fuzzing-5g-protocols/
Network fuzzers used:
- Fuzzowski
- Frizzer
- AFLNet
https://research.nccgroup.com/2021/10/11/the-challenges-of-fuzzing-5g-protocols/
👍1🥰1
Android Exploits 101 workshop
Overview of the modern Android exploits with examples + goes over the common flows of Android exploits
[video] https://youtu.be/squuwVQiPgg
Overview of the modern Android exploits with examples + goes over the common flows of Android exploits
[video] https://youtu.be/squuwVQiPgg
YouTube
Android Exploits 101 Workshop
This workshop is an overview of the "shape" of modern Android exploits with examples. It goes over the common flows of Android exploits, using lots of recent examples. This is an introductory overview to 0-day exploits targeting Android. Slides: https://…
🥰1
Oversecured released an iOS app vulnerability scanner
iOS vulnerability list: https://oversecured.com/vulnerabilities#iOS
Vulnerable app: https://github.com/oversecured/ovia
Report: https://content.oversecured.com/oversecured_sample_report_ios.pdf
iOS vulnerability list: https://oversecured.com/vulnerabilities#iOS
Vulnerable app: https://github.com/oversecured/ovia
Report: https://content.oversecured.com/oversecured_sample_report_ios.pdf
Minecraft was the most commonly used game noscript for masking cyber threats on mobile platforms between July 1, 2020, and June 30, 2021.
Upwards of 44 thousand gamers were affected, with close to 303 thousand unique detections
https://atlasvpn.com/blog/minecraft-most-malware-infected-game-on-the-market-with-228k-users-affected
Upwards of 44 thousand gamers were affected, with close to 303 thousand unique detections
https://atlasvpn.com/blog/minecraft-most-malware-infected-game-on-the-market-with-228k-users-affected
NordVPN
Real news from the cybersecurity world
At NordVPN, we believe that everyone deserves privacy and security online. Read our NordVPN blog for all the latest cybersecurity news and tech insights.
reFlutter - Flutter apps traffic monitoring
Make app trust installed certificates by repacking it with reFlutter and use Burp Suite. No root, no VPN.
https://github.com/ptswarm/reFlutter
Make app trust installed certificates by repacking it with reFlutter and use Burp Suite. No root, no VPN.
https://github.com/ptswarm/reFlutter
GitHub
GitHub - ptswarm/reFlutter: Flutter Reverse Engineering Framework
Flutter Reverse Engineering Framework. Contribute to ptswarm/reFlutter development by creating an account on GitHub.
👍1
The ultimate guide to Android SSL pinning bypass
https://redhuntlabs.com/wp-content/uploads/2021/10/Ultimate-Guide-to-SSL-Pinning-Bypass-RedHunt-Labs-Attack-Surface-Management.pdf
https://redhuntlabs.com/wp-content/uploads/2021/10/Ultimate-Guide-to-SSL-Pinning-Bypass-RedHunt-Labs-Attack-Surface-Management.pdf
New York Times Journalist Ben Hubbard Hacked with iOS Pegasus after Reporting on Previous Hacking Attempts
https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/
https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/
The Citizen Lab
Breaking the News: New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts - The…
Our forensic analysis of two iPhones belonging to Hubbard found evidence of Pegasus infections in July 2020 and June 2021. Notably, these infections occurred after Hubbard reported in January 2020 that we found that he was targeted in 2018 by the Saudi Arabia…
Location Data Firm Got GPS Data From Apps Even When People Opted Out (Huq SDK)
https://www.vice.com/en/article/5dgmqz/huq-location-data-opt-out-no-consent
https://www.vice.com/en/article/5dgmqz/huq-location-data-opt-out-no-consent
Vice
Location Data Firm Got GPS Data From Apps Even When People Opted Out
The news around location data firm Huq shows that data companies may not even really know if they've received consent to harvest information from ordinary phones.
Android fraud campaign (UltimaSMS) with 151 apps reached 10.5 million installs was used to subscribe users to premium SMS subnoscription services without their knowledge. 80 of them were on Google Play Store.
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Avast
UltimaSMS: A widespread premium SMS scam on the Google Play Store
An array of scam apps, including a fake photo editor, camera filter, and various games, have been promoted via Instagram and TikTok channels.
How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'
https://github.com/stong/how-to-exploit-a-double-free
https://github.com/stong/how-to-exploit-a-double-free
GitHub
GitHub - stong/how-to-exploit-a-double-free: How to exploit a double free vulnerability in 2021. Use After Free for Dummies
How to exploit a double free vulnerability in 2021. Use After Free for Dummies - stong/how-to-exploit-a-double-free
👍1
Use-After-Free in Voice Control: CVE-2021-30902 Write-up
https://blog.zecops.com/research/use-after-free-in-voice-control-cve-2021-30902/
https://blog.zecops.com/research/use-after-free-in-voice-control-cve-2021-30902/
Jamf
Jamf Threat Labs | Blog
Android spyware apps target Israel in three-year-long campaign (APT-C-23)
https://www.bleepingcomputer.com/news/security/android-spyware-apps-target-israel-in-three-year-long-campaign/
https://www.bleepingcomputer.com/news/security/android-spyware-apps-target-israel-in-three-year-long-campaign/
BleepingComputer
Android spyware apps target Israel in three-year-long campaign
A set of seemingly innocuous Android apps have been infecting Israeli users with spyware since 2018, and the campaign continues to this day.
👍1
iPhone Apps Can Tell Many Things About You Through the Accelerometer
https://www.mysk.blog/2021/10/24/accelerometer-ios/
https://www.mysk.blog/2021/10/24/accelerometer-ios/
Mysk Blog – In-Depth Cybersecurity & Mobile App Privacy Research
iPhone Apps Can Tell Many Things About You Through the Accelerometer
Nearly every modern smartphone is equipped with an accelerometer, which, as the name implies, is a sensor that measures acceleration. It's most commonly used for detecting the device's orientation. It also has many other uses, whether as a game controller…
Android AbstractEmu Malware: Rooting Malware Makes a Comeback
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Lookout
Rooting Malware Makes Comeback: Lookout Discovers Global Campaign | Threat Intel
Security researchers at Lookout have identified a new rooting malware distributed on Google Play, the Amazon Appstore and the Samsung Galaxy Store.
Android security checklist: WebView
https://blog.oversecured.com/Android-security-checklist-webview/
https://blog.oversecured.com/Android-security-checklist-webview/
News, Techniques & Guides
Android security checklist: WebView
WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors.
Android WebViews use and abuse
https://docs.google.com/presentation/d/18xhCZ4fnC2UC4FZ7w_zEIKfiejckn86JU1RqGxvEhTM/mobilepresent?slide=id.g1006589e594_0_3
https://docs.google.com/presentation/d/18xhCZ4fnC2UC4FZ7w_zEIKfiejckn86JU1RqGxvEhTM/mobilepresent?slide=id.g1006589e594_0_3
Google Docs
AS - WebViews
APPLICATION SECURITY (Threats and Malpractices) Speaker: Dimitrios Valsamaras | @Ch0pin https://www.linkedin.com/in/valsamaras/