North Korean hackers posed as Samsung recruiters to target security researchers
https://therecord.media/north-korean-hackers-posed-as-samsung-recruiters-to-target-security-researchers/
therecord.media
North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week in the first edition of its new Threat Horizons report.
Android Chinotto multiplatform malware used in espionage campaign by North Korea (Group name: ScarCruft AKA APT37 AKA TempReaper)
https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
Securelist
ScarCruft surveilling North Korean defectors and human rights activists
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.
Doctor Web discovered vulnerabilities in children’s smart watches (Elari Kidphone 4G Smartwatch, Wokka Lokka Q50 Smartwatch, Elari FixiTime Lite Smartwatch, Smart Baby Watch Q19 Smartwatch)
Blog: https://news.drweb.com/show/?i=14350&lng=en&c=5
Report: https://f2.drweb.com/get+meta+file/?k=271caf73c9901a0a5ab997757ec10c88
Dr.Web
Doctor Web discovered vulnerabilities in children’s smart watches
Smishing Android Botnets Going Viral in Iran
https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran/
Check Point Research
Smishing Botnets Going Viral in Iran - Check Point Research
Research by: Shmuel Cohen Introduction In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services. The story is as old as time: victims click on…
Android: vold's incremental-fs APIs trust paths from system_server for mounting (CVE-2022-20002)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2221
Analysis of request forgery using Android deep link in CafeBazaar app
https://securityflow.io/impact-of-an-insecure-deep-link/
Popular Android malware threats discovered in November, 2021
Full list - https://sk3ptre.github.io/Malware-Timeline-2021/
Download samples - https://github.com/sk3ptre/AndroidMalware_2021
sk3ptre
Android Malware Timeline 2021
Popular Android malware seen in 2021, I have uploaded APK files for all the entries that I could on my Github repository
January:
New Android spyware targets users in Pakistan
Going Rogue- a Mastermind behind Android Malware Returns with a New RAT
Imitation…
Mobile banking fraud: BRATA strikes again
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again
Cleafy
Mobile banking fraud: BRATA strikes again | Cleafy Labs
The mobile banking malware BRATA strikes again, and it is slowly spreading all over Europe. Read here the new Technical Report, which explains in detail how it works and how to prevent it.
Vulnerability found in Android/Linux kernel leads to use-after-free (CVE-2021-1048)
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1048.html
Mobile espionage in Palestine Region by APT-C-23 group
https://raw.githubusercontent.com/T-SecLab/APT-C-23/main/cyber%20espionage%20in%20palestine%20region%20.pdf
How a bug in Android and Microsoft Teams could have caused this user’s 911 call to fail
https://medium.com/@mmrahman123/how-a-bug-in-android-and-microsoft-teams-could-have-caused-this-users-911-call-to-fail-6525f9ba5e63
Medium
Written by Mishaal Rahman (@MishaalRahman) and edited by @linuxct, Kuba Wojciechowski (@Za_Raczke), and Al Sutton (@alsutton).
Use cryptography in mobile apps the right way
https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/
News, Techniques & Guides
At Oversecured, we scan thousands of apps every month. We observe that some vulnerabilities now come up much less frequently than they did a few years ago.
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
projectzero.google
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution - Project Zero
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and...
Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
The Citizen Lab
Pegasus vs. Predator
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour…
Android Application Testing Using Windows 11 and Windows Subsystem for Android
https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/
A simple Frida script for iOS apps that spits out API request URLs, headers and body even if SSL pinning is enabled
https://github.com/bhavukjain1/frida_helper/blob/7eb165d23980c84eb9aab5b975738bee296b6ac2/spit_ios.js
GitHub
frida_helper/spit_ios.js at 7eb165d23980c84eb9aab5b975738bee296b6ac2 · bhavukjain1/frida_helper
Bluetooth-using home COVID test was cracked to fake results
https://labs.f-secure.com/blog/faking-a-positive-covid-test
IP address leak (Android), and denial of service (DoS) dubbed Message of Death (Android) found in Android Microsoft Teams app
https://positive.security/blog/ms-teams-1-feature-4-vulns
positive.security
MS Teams: 1 feature, 4 vulnerabilities | Positive Security
Microsoft Teams' link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Teams' Android users can be DoS'ed and, in the past, their IP address could be leaked.
Malicious App Targets Major Brazilian Bank Itaú Unibanco
https://blog.cyble.com/2021/12/23/malicious-app-targets-major-brazilian-bank-itau-unibanco/
Cyble
Cyble's research on an Android Malware that has been targeting a major banking company in Brazil.