Part 2: Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
👍13
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
McAfee Blog
Fake Android and iOS apps steal SMS and contacts in South Korea | McAfee Blog
Authored by Dexter Shin Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These
👍9🤔1
Tablet for kids (Dragon Touch KidzPad Y88X) contains malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Electronic Frontier Foundation
Low Budget Should Not Mean High Risk: Kids' Tablet Came Preloaded with Sketchyware
It’s easy to get Android devices from online vendors like Amazon at different price points. Unfortunately, it is also easy to end up with an Android device with malware at these lower budgets. There
👍10😱5
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
Medium
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
While performing mobile application penetration testing, the app that you are testing might have a minimum OS version of iOS 15. With…
👍14❤2👎2👏1
Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
Microsoft Security Blog
Social engineering attacks lure Indian users to install Android banking trojans | Microsoft Security Blog
Mobile banking trojan campaigns targeting users in India impersonate legitimate orgs and steal users’ information for financial fraud scams.
🔥14👍4👏2👎1
Nothing Chats app, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
9to5Google
Nothing Chats, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
The Nothing Chats app, powered by Sunbird, promises encrypted iMessage for Android, but it's literally a privacy nightmare.
🔥9😁8👍1
Intercepting Flutter Based Application Traffic Using iptables
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
Medium
Intercepting Flutter Based Application Traffic Using iptables
Flutter, created by Google, has emerged as a popular open-source framework for building natively compiled applications for mobile, web, and desktop from a single codebase. However, with great power…
👍21❤4🔥2
NetHunter Hacker XI: Bluetooth arsenal
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
Mobile Hacker
NetHunter Hacker XI: Bluetooth arsenal Mobile Hacker
Bluetooth technology has become an integral part of our daily lives, from connecting our smartphones to our cars and headphones to sharing files between devices. However, as with any wireless technology, Bluetooth is vulnerable to hacking attempts. In this…
👍17
Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
Zimperium
Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium
true
👍13👏1
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses allow certain man-in-the-middle attacks and live injection (CVE-2023-24023)
https://francozappa.github.io/post/2023/bluffs-ccs23/
https://francozappa.github.io/post/2023/bluffs-ccs23/
Daniele Antonioli
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli
Breaking and fixing the Bluetooth standard. One More Time.
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
👍15
Frida Labs: Series of challenges to learn Frida for Android
https://github.com/DERE-ad2001/Frida-Labs
https://github.com/DERE-ad2001/Frida-Labs
GitHub
GitHub - DERE-ad2001/Frida-Labs: The repo contains a series of challenges for learning Frida for Android Exploitation.
The repo contains a series of challenges for learning Frida for Android Exploitation. - DERE-ad2001/Frida-Labs
👍23❤2
How to bypass debugger detection in Android/iOS using IDA Pro
https://medium.com/@shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6
https://medium.com/@shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6
Medium
How to bypass debugger detection in Android/iOS native libraries using IDA Pro?
Hello guys, I hope you all are doing well.
👍14❤1
Malicious Android SpyLoan apps found on Google Play with over 12 million downloads
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
Welivesecurity
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
👍10😁1
How to debug Android native libraries using JEB decompiler
https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3
https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3
Medium
How to debug android native libraries using JEB decompiler?
Hello guys, welcome back to the new blog.
In this blog, again I am going to show you one more method to debug native libraries of an…
In this blog, again I am going to show you one more method to debug native libraries of an…
👍8
Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS (CVE-2023-45866)
Impact: A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to install apps, run arbitrary commands, forward messages, etc.
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Impact: A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to install apps, run arbitrary commands, forward messages, etc.
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
GitHub
reblog/cve-2023-45866 at main · skysafe/reblog
SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.
👍14🤯3👏2💯1
Android barcode scanner app with 100K installs exposes user passwords
https://cybernews.com/security/android-barcode-scanner-data-leak/
https://cybernews.com/security/android-barcode-scanner-data-leak/
Cybernews
Android barcode scanner app exposes user passwords
An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs.
👍8😁1
AutoSpill Vulnerability: Your mobile password manager might be exposing your credentials
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/
TechCrunch
Your mobile password manager might be exposing your credentials
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps.
👍18🤬2❤1
5Ghoul: New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands
https://asset-group.github.io/disclosures/5ghoul/
https://asset-group.github.io/disclosures/5ghoul/
👍10🤔1
Hardening cellular basebands in Android
https://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html
https://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html
Google Online Security Blog
Hardening cellular basebands in Android
Posted by Ivan Lozano and Roger Piqueras Jover Android’s defense-in-depth strategy applies not only to the Android OS running on the Appl...
👍12
Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Mobile Malware Analysis Part 6 – Xenomorph - 8kSec
Welcome to the sixth installment of our Mobile Malware Series, dedicated to dissecting the latest threats and fortifying your cybersecurity defenses. In this edition, we
👍11🤔3🥱2🙈2
Bad Zip and new Packer for Android/BianLian
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Medium
Bad Zip and new Packer for Android/BianLian
I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…
👍17