The first public jailbreak for Apple's iOS operating system that should work at launch on all iOS devices
https://www.vice.com/en_us/article/dyz8nw/iphone-ios-ios13-jailbreak-uncover-unc0ver
https://www.vice.com/en_us/article/dyz8nw/iphone-ios-ios13-jailbreak-uncover-unc0ver
VICE
Hackers Just Dropped a Jailbreak They Say Works for All iPhones
The new unc0ver jailbreak relies on a vulnerability that the researcher who found it says Apple is unaware of.
👍2
StrandHogg 2.0 - The 'evil twin' vulnerability (CVE-2020-0096)
Vulnerability allows malware app to pose as legitimate apps
https://promon.co/strandhogg-2-0/
Vulnerability allows malware app to pose as legitimate apps
https://promon.co/strandhogg-2-0/
promon.io
StrandHogg 2.0 - Android Vulnerability | Promon
Promon researchers have discovered a new elevation of privilege vulnerability in Android that allows hackers to gain access to almost all apps.
Fraudsters spread a mobile trojan disguised as a Valorant game
https://news.drweb.com/show/?lng=en&i=13838
https://news.drweb.com/show/?lng=en&i=13838
Dr.Web
Fraudsters spread a mobile trojan disguised as a Valorant game
Doctor Web specialists have uncovered a fraudulent campaign targeting mobile device owners. Cybercriminals are publishing misleading videos on YouTube, promoting a mobile version of a new Valorant game and prompting unsuspecting users to install it on their…
This wallpaper triggers a rare bug causing Android devices to bootloop
https://www.xda-developers.com/wallpaper-triggers-rare-bug-causing-android-devices-bootloop/
https://www.xda-developers.com/wallpaper-triggers-rare-bug-causing-android-devices-bootloop/
XDA
[Update 2: Fixed] This wallpaper triggers a rare bug causing Android devices to bootloop
This wallpaper triggers a rare bug that causes Android devices to bootloop. Don't try the wallaper on your device or you may lose all your data.
Coldboot vulnerability affecting 7 years of LG Android devices CVE-2020-12753
https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability
https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability
Tumblr
🔋 📱❄️🥾🔓, an EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices
I should probably preface all of this by saying that I'm not really a security professional in the sense that I don't actually do security stuff for a living; I reported this vulnerability in March...
Popular Android malware threats in May, 2020
List: http://skptr.me/malware_timeline_2020.html
Samples: https://github.com/sk3ptre/AndroidMalware_2020
List: http://skptr.me/malware_timeline_2020.html
Samples: https://github.com/sk3ptre/AndroidMalware_2020
GitHub
GitHub - sk3ptre/AndroidMalware_2020: Popular Android malware seen in 2020
Popular Android malware seen in 2020. Contribute to sk3ptre/AndroidMalware_2020 development by creating an account on GitHub.
Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
https://blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/
https://blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/
New Tekya Ad Fraud Found on Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/new-tekya-ad-fraud-found-on-google-play/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-tekya-ad-fraud-found-on-google-play/
Trend Micro
New Tekya Ad Fraud Found on Google Play
We observed a Tekya variant that had made its way onto Google Play via five malicious apps. Said apps were already removed from the Play Store.
AdFraud apps found on Google Play: 38 apps with 20M+ downloads
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
HUMAN Security
Beauty and the (Fraud) Beast - HUMAN Security
The White Ops Satori Threat Intelligence and Research Team identified and tracked an ad fraud operation of 38 applications. Discover what they all have in common.
This PIN Can Be Easily Guessed
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
this-pin-can-be-easily-guessed.github.io
This PIN Can Be Easily Guessed
A comprehensive study on the security and usability of user-chosen 4- and 6-digit smartphone unlock PINs.
Quark: Android Malware Scoring System
https://github.com/quark-engine/quark-engine
https://github.com/quark-engine/quark-engine
GitHub
GitHub - ev-flow/quark-engine: Quark Agent - Your AI-powered Android APK Analyst
Quark Agent - Your AI-powered Android APK Analyst. Contribute to ev-flow/quark-engine development by creating an account on GitHub.
Awesome Python Security resources
https://github.com/guardrailsio/awesome-python-security
https://github.com/guardrailsio/awesome-python-security
GitHub
GitHub - guardrailsio/awesome-python-security: Awesome Python Security resources 🕶🐍🔐
Awesome Python Security resources 🕶🐍🔐. Contribute to guardrailsio/awesome-python-security development by creating an account on GitHub.
Fake COVID-19 Contact Tracing Apps
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
Anomali
Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
Trend Micro
Phishing Attacks from Earth Empusa Reveal ActionSpy
We identified an undocumented Android spyware we have named ActionSpy while tracking Earth Empura, also known as POISON CARP/Evil Eye. The campaign is reportedly targeting Uyghurs by compromising their Android and iOS mobile devices.
Cryptojacking In Mobile Devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
SecureBlitz Cybersecurity
Risks Of Cryptojacking In Mobile Devices
Here, we will address cryptojacking in mobile devices. We’ll dive into what cryptojacking is, how to detect it, and how to prevent it. Crypto mining is one
Jailbreaking Apple TV 4K
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
ElcomSoft blog
Jailbreaking Apple TV 4K
Is jailbreaking an Apple TV worth it? If you are working in the forensics, it definitely is. When connected to the user's Apple account with full iCloud access, the Apple TV synchronizes a lot of data. That data may contain important evidence, and sometimes…
A survey of recent iOS kernel exploits
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
Blogspot
A survey of recent iOS kernel exploits
Posted by Brandon Azad, Project Zero I recently found myself wishing for a single online reference providing a brief summary of the high...