Heap Overflows on iOS ARM64: Heap Grooming, Use-After-Free (Part 3)
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
Inversecos
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
👍9
Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a
https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a
Medium
Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
Background on Lock Screen Bypass Exploits
👍37👎1👏1
Session On Android – An App Wrapped in Signal
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
The Binary Hick
Session On Android – An App Wrapped in Signal
NOTE: parts of this article describe steps by which the order of encryption methods are reversed to render encrypted data in clear-text. This was done in order to investigate the app being discusse…
👍8🔥6
Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
Medium
Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
Mobile applications has become a trend these days since there are a rapid growing companies and startups which already taken their steps…
👍14🔥5👏2👎1
Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement
https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/
https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/
The Citizen Lab
GeckoSpy
Uncovering an extensive espionage operation infecting dozens of Thai pro-democracy campaigners with NSO Group's Pegasus spyware.
👍15👎5🔥3
The first distribution of Android related malware by Turla APT group spoofing domain Ukrainian Azov Regiment
https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/
https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/
Google
Continued cyber activity in Eastern Europe observed by TAG
Google’s Threat Analysis Group (TAG) continues to closely monitor the cybersecurity environment in Eastern Europe with regard to the war in Ukraine. Many Russian government cyber assets have remained focused on Ukraine and related issues since the invasion…
👍15❤1
Vodafone & Deutsche Telekom to introduce persistent user tracking by operator
https://blog.simpleanalytics.com/vodafone-deutsche-telekom-to-introduce-persistent-user-tracking
https://blog.simpleanalytics.com/vodafone-deutsche-telekom-to-introduce-persistent-user-tracking
Simpleanalytics
Vodafone & Deutsche Telekom to introduce persistent user tracking
Vodafone & Deutsche Telekom are trialing with Trustpid to introduce persistent user tracking
👍12🤮11😢4
Ongoing Roaming Mantis smishing campaign targeting France
https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/
https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/
Sekoia.io Blog
Ongoing Roaming Mantis smishing campaign targeting France
MoqHao (aka Wroba) is an Android Remote Access Trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS.
👍10
Joker, Facestealer and Coper banking malwares on Google Play store
https://www.zscaler.com/blogs/security-research/joker-facestealer-and-coper-banking-malwares-google-play-store
https://www.zscaler.com/blogs/security-research/joker-facestealer-and-coper-banking-malwares-google-play-store
Zscaler
Joker, Facestealer and Coper banking malwares on Google Play store | Zscaler
Joker, Facestealers and Banker swarming Google Play store
🔥8👍3❤1🥰1
Android FOSS Apps List
List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa etc.” your mobile phone
https://brainfucksec.github.io/android-foss-apps-list
List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa etc.” your mobile phone
https://brainfucksec.github.io/android-foss-apps-list
brainfucksec
Android FOSS Apps List
Update: 10 March 2024 List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa, de-china-malware etc. etc.” your mobile phone, as always, the list is written in a KISS simple way. The apps in the list are divided by category…
👍19🥰8❤1
New HiddenAds malware affects 1M+ users and hides on the Google Play Store
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/
McAfee Blog
New HiddenAds malware affects 1M+ users and hides on the Google Play Store | McAfee Blog
Authored by Dexter Shin McAfee's Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as
🤩6👍4👎2
DawDropper - Analysis Of New Android Banking Dropper that was available on Google Play
https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html
https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html
Trend Micro
Examining New DawDropper Banking Dropper and DaaS on the Dark Web
👍16🔥3
ARM 64 Assembly Series — Data Processing (Part 1)
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-1-b6f6f877c56b
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-1-b6f6f877c56b
Medium
ARM 64 Assembly Series — Data Processing (Part 1)
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch
👏10👍4🔥3
Finding bugs in the Linux Kernel Bluetooth Subsystem: Exploiting HCI socket cookie generation
Part 1: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-2.html
Part 2: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-1.html
Part 1: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-2.html
Part 2: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-1.html
Itay Iellin
Finding bugs in the Linux Kernel Bluetooth Subsystem: Exploiting HCI socket cookie generation
Introduction
👍10
JusTalk app left a huge database of unencrypted private messages publicly exposed to the internet without a password for months
https://techcrunch.com/2022/07/26/justalk-spilled-millions-of-user-messages-and-locations-for-months/
https://techcrunch.com/2022/07/26/justalk-spilled-millions-of-user-messages-and-locations-for-months/
TechCrunch
JusTalk spilled millions of user messages and locations for months
The messaging app left a huge database of unencrypted private messages online but without a password for months.
👍12😱7
ARM 64 Assembly Series — Data Processing (Part 2)
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-2-3d0526dc07b6
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-2-3d0526dc07b6
Medium
ARM 64 Assembly Series — Data Processing (Part 2)
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch, Data Processing Part 1
👍15
SpyNote – An Analysis of Android Spyware that targeted Indian Army personnel via WhatsApp
https://labs.k7computing.com/index.php/spynote-an-android-snooper/
https://labs.k7computing.com/index.php/spynote-an-android-snooper/
K7 Labs
SpyNote – An Android Snooper
Threat actors are constantly using new tricks and tactics to target users across the globe. This blog is about SpyNote, […]
👍21🤯3😱2🥱2
Detailed analysis of an Android in-the-wild 0-day exploit developed by surveillance vendor Wintego (CVE-2021-0920)
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
Blogspot
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
A deep dive into an in-the-wild Android exploit Guest Post by Xingyu Jin, Android Security Research This is part one of a two-part guest...
👍17👏2
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
👍14🔥4😁4