Subnoscription scams found on Google Play -
25 apps with almost 600M installs
https://news.sophos.com/en-us/2020/01/14/fleeceware-apps-persist-on-the-play-store/

All iPhones running iOS 10 or later can now be used as hardware security keys for Google accounts
https://www.zdnet.com/article/you-can-now-use-an-iphone-as-a-security-key-for-google-accounts/
Step-by-step tutorial: https://support.google.com/accounts/answer/9289445

Seventeen Android HiddenAd Trojans Found in Google Play With Total Over 550K Downloads
https://labs.bitdefender.com/2020/01/seventeen-android-nasties-spotted-in-google-play-total-over-550k-downloads/

Android Enterprise Security Whitepaper
https://static.googleusercontent.com/media/www.android.com/en//static/2016/pdfs/enterprise/Android_Enterprise_Security_White_Paper_2019.pdf

Vulnerability in Android OneDrive app allowed to bypass passcode or fingerprint
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654

How to develope and test secure #iOS apps + video demos #MASVS #MSTG
https://www.dropbox.com/sh/tsog4fwa3wg4rd9/AADuNKjtQNaliYSBjr28SevPa?dl=0

Chinese phone maker OPPO partners with #HackerOne to launch bug bounty program
https://security.oppo.com/en/

How to write #iOS program that allows to render arbitrary strings to the #iPhone screen by directly modifying the framebuffer pixels https://link.medium.com/REb7yRhkn3

Exploiting SQL Injection in Android's Download Provider (CVE-2019-2198)

Blind SQL injection in Android's Download Provider will retrieve user cookies of downloaded file website (e.g. Gmail).
Patched in November's 2019 Android Security Bulletin.
PoC + info:https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere/

Bruteforce password recovery code for Bumble #iOS app
https://hackerone.com/reports/743545

Awesome GitHub Repos
1. Book of Secret Knowledge = https://lnkd.in/fWKCdi4
2. Awesome Hacking = https://lnkd.in/f7VPTEX
3. Awesome Bug Bounty = https://lnkd.in/fPrQiVD
4. Awesome Penetration Testing = https://lnkd.in/fAUZgu5
5. Awesome Web Hacking = https://lnkd.in/f5n2hSd
6. Awesome Hacking Resources = https://lnkd.in/fcJ6wFH
7. Awesome Pentest = https://lnkd.in/fNNSFeN
8. Awesome Red Teaming = https://lnkd.in/fGpievF
9. Awesome Web Security = https://lnkd.in/ffG73u2
10. Penetration Test Guide based on OWASP = https://lnkd.in/ffyBwzG
11. Pentest Compilation = https://lnkd.in/f5JwJTD
12. Infosec Reference = https://lnkd.in/fY6wNmX

Android Unpacking Automation (Docker + Frida)
https://github.com/corellium/corellium-android-unpacking

Hacking Sony PlayStation Blu-ray Drives #slides
https://github.com/oct0xor/presentations/blob/master/Hacking%20Sony%20PlayStation%20Blu-ray%20Drives.pdf

Jeff Bezos smartphone was hacked by NSO group spyware - #Pegasus
https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince

ProtonVPN is the first VPN provider to open source apps on all platforms (Windows, macOS, Android, and iOS) and undergo an independent security audit
https://github.com/ProtonVPN/android-app

Stats of Android.Xiny trojan family

Installing applications without user permission has always been Android.Xiny's principal function. Thus, attackers can profit from pay-per-install referral programmes
https://news.drweb.com/show/?i=13627&lng=en

Forensic analysis of Jeff Bezos hacked #iPhoneX

iPhone was exploited via #WhatsApp vulnerability that probably triggered RCE.
Similar exploit was fixed in October 2019 - CVE-2019-11932(double-free vulnerability) but instead of video it was triggered by GIF.
https://www.documentcloud.org/documents/6668313-FTI-Report-into-Jeff-Bezos-Phone-Hack.html

Analysis of Opera for Android vulnerability to a sandboxed cross-origin iframe bypass attack (CVE-2019-19788)
https://blog.confiant.com/trending-client-side-innovations-in-malvertising-payloads-914d9f614ed1

What mobile OS you are using?
anonymous poll

Android – 417
👍👍👍👍👍👍👍 80%

iOS – 78
👍 15%

other – 10
▫️ 2%

Windows Mobile – 9
▫️ 2%

KaiOS – 6
▫️ 1%

👥 520 people voted so far.

United Nations officials will not use #WhatsApp to communicate because it’s not supported as a secure mechanism #JeffBezos
https://www.reuters.com/article/us-un-whatsapp/u-n-says-officials-barred-from-using-whatsapp-since-june-2019-over-security-idUSKBN1ZM32P

Penetration Testing & Hacking Tools List (30+)

- Penetration Testing Resources
- Exploit Development
- OSINT Resources
- Anonymity Tools
- Social Engineering
- Reverse Engineering Tools
- Operating Systems
- Vulnerability Databases
- Penetration Testing Distributions
- Docker for Penetration Testing
- Multi-paradigm Frameworks
- Vulnerability Scanners
- Static Analyzers
- Web Scanners
- Network Tools
- Wireless Network Hacking Tools
- Transport Layer Security Tools
- Web Exploitation
- Hex Editors
- File Format Analysis Tools
- Defense Evasion Tools
- Hash Cracking
- Windows Utilities
- GNU/Linux Utilities
- macOS Utilities
- Lock Picking Resources
- CTF Tools
- Books
- Security Courses
https://itshackingnews.blogspot.com/2020/01/penetration-testing-hacking-tools.html