A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
projectzero.google
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution - Project Zero
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and...
Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
The Citizen Lab
Pegasus vs. Predator
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour…
Android Application Testing Using Windows 11 and Windows Subsystem for Android
https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/
A simple Frida script for iOS apps that spits out API request URLs, headers and body even if SSL pinning is enabled
https://github.com/bhavukjain1/frida_helper/blob/7eb165d23980c84eb9aab5b975738bee296b6ac2/spit_ios.js
GitHub
frida_helper/spit_ios.js at 7eb165d23980c84eb9aab5b975738bee296b6ac2 · bhavukjain1/frida_helper
Bluetooth-using home COVID test was cracked to fake results
https://labs.f-secure.com/blog/faking-a-positive-covid-test
IP address leak (Android), and denial of service (DoS) dubbed Message of Death (Android) found in Android Microsoft Teams app https://positive.security/blog/ms-teams-1-feature-4-vulns
positive.security
MS Teams: 1 feature, 4 vulnerabilities | Positive Security
Microsoft Team's link preview feature is susceptible to spoofing and vulnerable to Server-Side Request Forgery. Team's Android users can be DoS'ed and, in the past, their IP address could be leaked.
Malicious App Targets Major Brazilian Bank Itaú Unibanco
https://blog.cyble.com/2021/12/23/malicious-app-targets-major-brazilian-bank-itau-unibanco/
Cyble
Cyble's research on an Android Malware that has been targeting a major banking company in Brazil.
Samsung's Galaxy Store is distributing apps that could infect phones with malware
https://www.androidpolice.com/samsung-galaxy-store-malware-movie-piracy-showbox/
Android Police
Potentially fake 'Showbox' movie piracy apps trigger a Play Protect warning, and an investigation indicates they could download malware
Android Tor Browser Thumbnails. What?
https://abrignoni.blogspot.com/2021/12/tor-thumbnails-what.html
Android Component Security
https://www.hebunilhanli.com/wonderland/mobile-security/android-component-security/
A Memory Visualiser Tool for iOS Security Research
https://bellis1000.medium.com/a-memory-visualiser-tool-for-ios-security-research-bd8bb8c334c6
Medium
Happy New Year!🥳
ReDroid - Android in Docker without QEMU/emulator https://github.com/remote-android/redroid-doc
GitHub
GitHub - remote-android/redroid-doc: redroid (Remote-Android) is a multi-arch, GPU enabled, Android in Cloud solution. Track issues…
redroid (Remote-Android) is a multi-arch, GPU enabled, Android in Cloud solution. Track issues / docs here - remote-android/redroid-doc
Facebook Android WebView vulnerability: Execute arbitrary JavaScript (XSS) and load arbitrary website
https://servicenger.com/mobile/facebook-android-webview-vulnerability/
Meet “NoReboot”: The iOS Ultimate Persistence Bug
https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
Jamf
Jamf Threat Labs | Blog
Detailed analysis of Android FluBot malware version 5.0
https://www.f5.com/labs/articles/threat-intelligence/flubots-authors-employ-creative-and-sophisticated-techniques-to-achieve-their-goals-in-version-50-and-beyond
F5 Labs
FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond | F5 Labs
A deconstruction of FluBot 5.0’s new communication protocol and other capabilities FluBot uses to hide, making it difficult for researchers and security solutions to detect.
Real-world Android Malware Analysis 1: SMS spy
https://www.purpl3f0xsecur1ty.tech/2022/01/10/eblagh-re.html
Purpl3 F0x Secur1ty
Real-world Android Malware Analysis 1: eblagh.apk
Intro
Building userDebug Android images with root access and debug capabilities for a Google Pixel (sailfish)
https://www.linkedin.com/pulse/building-userdebug-android-images-google-pixel-sailfish-basanta
Linkedin
Building userDebug Android images for a Google Pixel (sailfish).
Beforehand, I'm sorry for my English writing. I'm in practice to improve it.
Poland: Use of Pegasus spyware to hack politicians highlights threat to civil society
https://www.amnesty.org/en/latest/news/2022/01/poland-use-of-pegasus-spyware-to-hack-politicians-highlights-threat-to-civil-society/
Amnesty International
Confirming that Amnesty International has independently confirmed that Pegasus spyware was used to hack Polish senator, Krzysztof Brejza, when he was running the opposition’s 2019 parliamentary election campaign, Amnesty International Poland’s Director Anna…
Project Torogoz - Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware
https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/
The Citizen Lab
Project Torogoz
Journalists and members of civil society had their phones successfully infected with NSO’s Pegasus spyware between July 2020 - November 2021.
RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
analysis: https://hulkvision.github.io/blog/post1/
hulkvision.github.io
RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
# Summary
While testing the Adobe Acrobat Reader app, the app has a feature which allows users to open PDFs directly from an http/https URL. This feature was vulnerable to a path traversal vulnerability.
Adobe Reader was also using the Google Play Core library for dynamic…