Anubis Banking Trojan still spreads via email as fake invoice
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
Cofense
Anubis Targets 250 Android Apps with Ransomware | Cofense
Infostealer keylogger/ransomware, OneAnubis, targets 250 Android applications - Stay informed about Android app vulnerabilities and OneAnubis malware.
Bluetooth Vulnerability in Android (CVE-2020-0022)
Bug allows an attacker to execute arbitrary code with the privileges of the Bluetooth daemon
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Forwarded from The Bug Bounty Hunter
Android: How to Bypass Root Check and Certificate Pinning
https://medium.com/@cintainfinita/android-how-to-bypass-root-check-and-certificate-pinning-36f74842d3be
Medium
Recently I needed to pentest an Android application. When I installed the app in my virtual device (Android Emulator), a pop up…
iOS exploit development series:
Part 1: Heap Exploit Development:
https://azeria-labs.com/heap-exploit-development-part-1/
Part 2: Heap Overflows and the iOS Kernel Heap
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Part 3: Grooming the iOS Kernel Heap
https://azeria-labs.com/grooming-the-ios-kernel-heap/
Azeria-Labs
Heap Exploit Development
Elector app leaked personal information – ID, full name, address, and phone – of almost 6.5 million Israelis with voting rights
https://securityaffairs.co/wordpress/97603/data-breach/elector-app-israel-data-leak.html
Security Affairs
Netanyahu's party Elector app exposes data on over 6.5M Israelis
A misconfiguration in an election day app developed by Likud, Netanyahu's party, might have exposed data on over 6.5 million Israelis.
rvi_capture
A utility to create packet capture dumps from iOS devices (for debugging network activity via Wireshark)
https://github.com/gh2o/rvi_capture
GitHub
GitHub - gh2o/rvi_capture: rvictl for Linux and Windows: capture packets sent/received by iOS devices
rvictl for Linux and Windows: capture packets sent/received by iOS devices - gh2o/rvi_capture
Overview of mobile malware detected in January 2020 by Doctor Web
https://news.drweb.com/show/?i=13669&lng=en
Dr.Web
Dr.Web — Doctor Web’s January 2020 overview of malware detected on mobile devices
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Android security research, with focus on Arm TrustZone
Understanding Trusted Execution Environments and the Arm TrustZone Technology
https://azeria-labs.com/trusted-execution-environments-tee-and-trustzone/
Azeria-Labs
Trusted Execution Environments and Arm TrustZone
How Google Play fought bad apps and malicious developers in 2019
https://android-developers.googleblog.com/2020/02/how-we-fought-bad-apps-and-malicious.html
Android Developers Blog
How we fought bad apps and malicious developers in 2019
Posted by Andrew Ahn, Product Manager, Google Play + Android App Safety Google Play connects users with great digital experiences t...
Android Trojan xHelper uses persistent re-infection tactics: here’s how to remove
https://blog.malwarebytes.com/android/2020/02/new-variant-of-android-trojan-xhelper-reinfects-with-help-from-google-play/
Malwarebytes
Android Trojan xHelper uses persistent re-infection tactics: here's how to remove | Malwarebytes Labs
A new variant of the Android Trojan xHelper re-infects just hours after removal—and with the help of Google PLAY?! A forum user helps us investigate.
Memory corruption in Samsung's Android kernel (Galaxy A50, A505FN)
https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html
Blogspot
Mitigations are attack surface, too
Posted by Jann Horn, Project Zero Introduction This blog post discusses a bug leading to memory corruption in Samsung's Android kern...
Forwarded from The Bug Bounty Hunter
INTRODUCTION TO ANDROID HACKING BY @0XTEKNOGEEK
https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking
HackerOne
Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
Mobile hacking has become an essential part of the bug bounty hunter’s tool belt as more and more companies are doubling down on mobile and investing in the security of their iOS and Android applications. As part of our determination to ensure you have the…
Analysis of techniques to bypass the Android Security Config control with Frida
https://neo-geo2.gitbook.io/adventures-on-security/frida/analysis-of-network-security-configuration-bypasses-with-frida
neo-geo2.gitbook.io
Analysis of Network Security Configuration bypasses with Frida | Adventures on Security
Bad Binder - Finding an Android In The Wild 0-day
https://github.com/maddiestone/ConPresentations/blob/master/OffensiveCon2020.BadBinder.pdf
GitHub
ConPresentations/OffensiveCon2020.BadBinder.pdf at master · maddiestone/ConPresentations
Slide decks from my conference presentations. Contribute to maddiestone/ConPresentations development by creating an account on GitHub.