A Technical Analysis of Pegasus for Android – Part 2
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
👍26🔥5
Heap buffer overflow in Android 12 Can Cause Chrome Sandbox Escape to system privilege
https://bugs.chromium.org/p/chromium/issues/detail?id=1283640
https://bugs.chromium.org/p/chromium/issues/detail?id=1283640
👍18
Analyze iOS kernel with free tools
youtu.be/HReVZH9fMcc
youtu.be/HReVZH9fMcc
YouTube
[0x05] Reversing Shorts :: iOS Kernel Demystified
The XNU kernel is essential to iOS and macOS security. In this video, we'll take a look into Apple's open-source releases as well as free tools to analyze closed-source extensions.
Full playlist of reversing shorts: https://www.youtube.com/playlist?list…
Full playlist of reversing shorts: https://www.youtube.com/playlist?list…
👍13🕊5
New Pegasus Spyware Abuses Identified in Mexico
https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/
https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/
The Citizen Lab
New Pegasus Spyware Abuses Identified in Mexico
Mexican digital rights organization R3D, with technical support from the Citizen Lab, has determined that Mexican journalists and a human rights defender were infected with Pegasus between 2019 and 2021. The infections occurred years after the first revelations…
👍18🔥3❤1😁1🎉1
Pixel6: Booting up
https://eshard.com/posts/pixel6_bootloader
https://eshard.com/posts/pixel6_bootloader
👍15
Analysis of the Pixel 6 bootloader: Emulation, ROP
https://eshard.com/posts/pixel6bootloader-2
https://eshard.com/posts/pixel6bootloader-2
👍16
RatMilad - New Android Spyware impersonating virtual phone numbers
https://blog.zimperium.com/we-smell-a-ratmilad-mobile-spyware/
https://blog.zimperium.com/we-smell-a-ratmilad-mobile-spyware/
👍8🔥8
Meta identified more than 400 malicious Android and iOS apps that steal Facebook login information #FaceStealer
https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/
https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/
Meta Newsroom
Protecting People From Malicious Account Compromise Apps
More than 400 malicious Android and iOS apps this year targeted people to steal their Facebook login information.
👍13🥰6👏1
Fuzzing Host-to Guest Attack Surface in Android Protected KVM
https://youtu.be/cJjjlSG6JEA
https://youtu.be/cJjjlSG6JEA
YouTube
Fuzzing Host-to Guest Attack Surface in Android Protected KVM- Eugene Rodionov & Will Deacon, Google
Fuzzing Host-to Guest Attack Surface in Android Protected KVM - Eugene Rodionov & Will Deacon, Google
Android 13 introduces native support of virtualization services built on top of Protected KVM (pKVM) for arm64 devices. Unlike in traditional KVM where…
Android 13 introduces native support of virtualization services built on top of Protected KVM (pKVM) for arm64 devices. Unlike in traditional KVM where…
👍14👎1
Malicious WhatsApp mod distributed through legitimate apps such as Vidmate and Snaptube
https://securelist.com/malicious-whatsapp-mod-distributed-through-legitimate-apps/107690/
https://securelist.com/malicious-whatsapp-mod-distributed-through-legitimate-apps/107690/
Securelist
Malicious WhatsApp mod distributed through legitimate apps
The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app's internal store.
👍15
Forwarded from The Bug Bounty Hunter
MOBILE PENTESTING 101 – BYPASSING BIOMETRIC AUTHENTICATION
https://securitycafe.ro/2022/09/05/mobile-pentesting-101-bypassing-biometric-authentication/
https://securitycafe.ro/2022/09/05/mobile-pentesting-101-bypassing-biometric-authentication/
Security Café
Mobile Pentesting 101 – Bypassing Biometric Authentication
Android and iOS Fingerprint bypassing techniques. The article presents multiple biometric bypass methods, including Frida and objection.
👍17
TOAD attacks: Vishing combined with Android banking malware now targeting Italian banks
https://www.threatfabric.com/blogs/toad-fraud.html
https://www.threatfabric.com/blogs/toad-fraud.html
ThreatFabric
TOAD attacks: Vishing combined with Android banking malware now targeting Italian banks
ThreatFabric’s analysts uncovered a network of phishing websites targeting Italian online-banking users and aiming to steal their banking credentials.
👍15
Forwarded from The Bug Bounty Hunter
Meta iOS Hacking talk from BountyCon by @phwd_
https://docs.google.com/presentation/d/1PPsyLhTxMAk1IyIp6p5ls0dhnqm3xVQKb8rE9z-N548/
https://docs.google.com/presentation/d/1PPsyLhTxMAk1IyIp6p5ls0dhnqm3xVQKb8rE9z-N548/
Google Docs
Meta iOS Hunting
👍16❤2
Banking trojans disguised as shopping apps attack Malaysian Android users
https://news.drweb.com/show/?i=14585&lng=en
https://news.drweb.com/show/?i=14585&lng=en
Dr.Web
Banking trojans disguised as shopping apps attack Malaysian Android users
Doctor Web reports on the discovery of banking trojan apps that target Malaysian users. Malicious actors distribute them as mobile shopping apps. Unlike many other bankers, these not only have icons and basic store names, but also work just like such apps…
👍8
New Malicious Clicker found in apps installed by 20M+ users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users/
McAfee Blog
New Malicious Clicker found in apps installed by 20M+ users | McAfee Blog
Authored by SangRyol Ryu Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares
👍7
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware (APT-C-50)
https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/
https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/
WeLiveSecurity
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware posing as an Android translation app.
👍8🤔2
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f
https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f
Medium
Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
Author: Sebin, Lee & Yeongjae, Shin | S2W TALON
👍8
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri (CVE-2022-32946 - $7000 bounty)
"Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets."
https://rambo.codes/posts/2022-10-25-sirispy-ios-bug-allowed-apps-to-eavesdrop
"Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets."
https://rambo.codes/posts/2022-10-25-sirispy-ios-bug-allowed-apps-to-eavesdrop
Rambo Codes
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri | Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.
👍11❤1
In Android Authority poll, 19.72% out of 3,300 voters stated their Android is rooted
https://www.androidauthority.com/android-phone-rooted-poll-results-3225345/
https://www.androidauthority.com/android-phone-rooted-poll-results-3225345/
Android Authority
We asked, you told us: Your Android phone definitely isn't rooted
There are many reasons to root your Android phone, but it turns out that most polled readers don't have a rooted daily driver.
👍6🥰3
🤡49👌8👍2