CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable
https://seclists.org/fulldisclosure/2019/Nov/27
https://seclists.org/fulldisclosure/2019/Nov/27
seclists.org
Full Disclosure: CVE-2019-11932 (double free in libpl_droidsonroids_gif) many
apps vulnerable
apps vulnerable
NetHunter Kex – Full Kali Desktop on Android phones
NetHunter Kex allows you to attach your Android device to an HDMI output along with Bluetooth keyboard and mouse and get a full, no compromise, Kali desktop from your phone.
https://www.kali.org/news/kali-linux-2019-4-release/
NetHunter Kex allows you to attach your Android device to an HDMI output along with Bluetooth keyboard and mouse and get a full, no compromise, Kali desktop from your phone.
https://www.kali.org/news/kali-linux-2019-4-release/
Kali Linux
Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging) | Kali Linux Blog
Time to grab yourself a drink, this will take a while!
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…
Building & Hacking modern iOS apps
https://www.slideshare.net/mobile/wojdwo/buildinghacking-modern-ios-apps
https://www.slideshare.net/mobile/wojdwo/buildinghacking-modern-ios-apps
www.slideshare.net
Building&Hacking modern iOS apps
After my successful presentation "Testing iOS Apps without Jailbreak in 2018" it's time to change the side. This talk will cover the most important milestones …
Mobile threat statistics in Q3 2019 by Kaspersky
▪️870,617 detected all malicious installs
▪️Hiddenapp is one of the most prevalent Android malware family
▪️13,129 detected mobile banking Trojans
▪️13,179 detected mobile ransomware
https://securelist.com/it-threat-evolution-q3-2019-statistics/95269/
▪️870,617 detected all malicious installs
▪️Hiddenapp is one of the most prevalent Android malware family
▪️13,129 detected mobile banking Trojans
▪️13,179 detected mobile ransomware
https://securelist.com/it-threat-evolution-q3-2019-statistics/95269/
Securelist
IT threat evolution Q3 2019. Statistics
Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe.
Checkm8, Checkra1n and the new "golden age" for iOS Forensics
http://blog.digital-forensics.it/2019/11/checkm8-checkra1n-and-new-golden-age.html
http://blog.digital-forensics.it/2019/11/checkm8-checkra1n-and-new-golden-age.html
blog.digital-forensics.it
Checkm8, Checkra1n and the new "golden age" for iOS Forensics
DFIR research
Database with millions of SMS text messages has been found online
The database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside. #TrueDialog
https://www.vpnmentor.com/blog/report-truedialog-leak/
The database was left unprotected on the internet without a password, none of the data was encrypted and anyone could look inside. #TrueDialog
https://www.vpnmentor.com/blog/report-truedialog-leak/
vpnMentor
Report: Millions of Americans at Risk After Huge Data and SMS Leak
Introduction
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.
TrueDialog
Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.
TrueDialog
Session Expiration Bypass in Facebook Creator App
https://link.medium.com/bzpIZQ2z41
https://link.medium.com/bzpIZQ2z41
Medium
Session Expiration Bypass in Facebook Creator App
Hello everybody,
Mobile Cyberespionage Campaign Distributed Through #CallerSpy as a Targeted Attack
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/
Trend Micro
Mobile Campaign Start Targeted Attacks Using CallerSpy
We found a new spyware family hosted on a phishing website, and may initially be used for a targeted attack campaign. We first came across the threat in May via http://gooogle.press/ advertising a chat app called “Chatrious.”
Android StrandHogg vulnerability
Vulnerability allows malicious app to masquerade as any other app on the device.
So, if you launch Facebook, malware is executed.
https://promon.co/security-news/strandhogg/
Video demo: https://twitter.com/LukasStefanko/status/1201597521560244225
Vulnerability allows malicious app to masquerade as any other app on the device.
So, if you launch Facebook, malware is executed.
https://promon.co/security-news/strandhogg/
Video demo: https://twitter.com/LukasStefanko/status/1201597521560244225
👍1
Exploiting unpatched Android StrandHogg vulnerability demo
https://youtu.be/yI0Xh5Oc0x4
https://youtu.be/yI0Xh5Oc0x4
YouTube
Android StrandHogg vulnerability demo | Exploit | PoC | Malware
Android StrandHogg vulnerability
Vulnerability allows malicious app to masquerade as any other app on the device.
If you launch Facebook, malware is executed.
In the video is simple exploitation of the vulnerability.
More info: https://promon.co/security…
Vulnerability allows malicious app to masquerade as any other app on the device.
If you launch Facebook, malware is executed.
In the video is simple exploitation of the vulnerability.
More info: https://promon.co/security…
Analysis of Android Downloader Trojans
https://securityintelligence.com/posts/the-role-of-evil-downloaders-in-the-android-mobile-malware-kill-chain/
https://securityintelligence.com/posts/the-role-of-evil-downloaders-in-the-android-mobile-malware-kill-chain/
Security Intelligence
The Role of Evil Downloaders in the Android Mobile Malware Kill Chain
Malware on official mobile app stores is a growing concern for all users. Increasingly, malware developers are getting around sophisticated app store controls by using mobile malware downloaders.
[updated] Android App Reverse Engineering 101
https://maddiestone.github.io/AndroidAppRE/
https://maddiestone.github.io/AndroidAppRE/
Malicious Android apps observed during Thanksgiving season of 2019
https://securitynews.sonicwall.com/xmlpost/malicious-android-apps-observed-during-thanksgiving-season-of-2019/
https://securitynews.sonicwall.com/xmlpost/malicious-android-apps-observed-during-thanksgiving-season-of-2019/
Chasing the Joker
Android SMS subnoscription bot distributed over Google Play #slides
https://docs.google.com/presentation/d/1sFGAERaNRuEORaH06MmZKeFRqpJo1ol1xFieUa1X_OA/edit#slide=id.p1
Android SMS subnoscription bot distributed over Google Play #slides
https://docs.google.com/presentation/d/1sFGAERaNRuEORaH06MmZKeFRqpJo1ol1xFieUa1X_OA/edit#slide=id.p1
Google Docs
Joker
Chasing the Joker
DeStroid
Fighting String Encryption in Android Malware
https://github.com/fkie-cad/DeStroid/blob/master/DeStroid_bonus_slides.pdf
Fighting String Encryption in Android Malware
https://github.com/fkie-cad/DeStroid/blob/master/DeStroid_bonus_slides.pdf
GitHub
DeStroid/DeStroid_bonus_slides.pdf at master · fkie-cad/DeStroid
Fighting String Encryption in Android Malware. Contribute to fkie-cad/DeStroid development by creating an account on GitHub.
Forwarded from fs0c131y - Official Channel (Elliot Alderson)
Androids Invisible Foreground Services and
How to (Ab)use Them https://i.blackhat.com/eu-19/Thursday/eu-19-Sutter-Simple-Spyware-Androids-Invisible-Foreground-Services-And-How-To-Abuse-Them.pdf
How to (Ab)use Them https://i.blackhat.com/eu-19/Thursday/eu-19-Sutter-Simple-Spyware-Androids-Invisible-Foreground-Services-And-How-To-Abuse-Them.pdf
Venus malware family found on Google Play targets carrier billing and advertising
https://www.evina.fr/evina-security-analyst-found-a-new-trojan-family-on-google-play/
https://www.evina.fr/evina-security-analyst-found-a-new-trojan-family-on-google-play/
Evina
The Fraud Observer - Evina
Once a month, the most valuable insights and news to fight fraud and grow your business.
SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
https://googleprojectzero.blogspot.com/2019/12/sockpuppet-walkthrough-of-kernel.html
https://googleprojectzero.blogspot.com/2019/12/sockpuppet-walkthrough-of-kernel.html
Blogspot
SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
Posted by Ned Williamson, 20% on Project Zero Introduction I have a somewhat unique opportunity in this writeup to highlight my experie...