This wallpaper triggers a rare bug causing Android devices to bootloop
https://www.xda-developers.com/wallpaper-triggers-rare-bug-causing-android-devices-bootloop/
https://www.xda-developers.com/wallpaper-triggers-rare-bug-causing-android-devices-bootloop/
XDA
[Update 2: Fixed] This wallpaper triggers a rare bug causing Android devices to bootloop
This wallpaper triggers a rare bug that causes Android devices to bootloop. Don't try the wallaper on your device or you may lose all your data.
Coldboot vulnerability affecting 7 years of LG Android devices CVE-2020-12753
https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability
https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability
Tumblr
🔋 📱❄️🥾🔓, an EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices
I should probably preface all of this by saying that I'm not really a security professional in the sense that I don't actually do security stuff for a living; I reported this vulnerability in March...
Popular Android malware threats in May, 2020
List: http://skptr.me/malware_timeline_2020.html
Samples: https://github.com/sk3ptre/AndroidMalware_2020
List: http://skptr.me/malware_timeline_2020.html
Samples: https://github.com/sk3ptre/AndroidMalware_2020
GitHub
GitHub - sk3ptre/AndroidMalware_2020: Popular Android malware seen in 2020
Popular Android malware seen in 2020. Contribute to sk3ptre/AndroidMalware_2020 development by creating an account on GitHub.
Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
https://blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/
https://blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/
New Tekya Ad Fraud Found on Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/new-tekya-ad-fraud-found-on-google-play/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-tekya-ad-fraud-found-on-google-play/
Trend Micro
New Tekya Ad Fraud Found on Google Play
We observed a Tekya variant that had made its way onto Google Play via five malicious apps. Said apps were already removed from the Play Store.
AdFraud apps found on Google Play: 38 apps with 20M+ downloads
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
HUMAN Security
Beauty and the (Fraud) Beast - HUMAN Security
The White Ops Satori Threat Intelligence and Research Team identified and tracked an ad fraud operation of 38 applications. Discover what they all have in common.
This PIN Can Be Easily Guessed
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
this-pin-can-be-easily-guessed.github.io
This PIN Can Be Easily Guessed
A comprehensive study on the security and usability of user-chosen 4- and 6-digit smartphone unlock PINs.
Quark: Android Malware Scoring System
https://github.com/quark-engine/quark-engine
https://github.com/quark-engine/quark-engine
GitHub
GitHub - ev-flow/quark-engine: Quark Agent - Your AI-powered Android APK Analyst
Quark Agent - Your AI-powered Android APK Analyst. Contribute to ev-flow/quark-engine development by creating an account on GitHub.
Awesome Python Security resources
https://github.com/guardrailsio/awesome-python-security
https://github.com/guardrailsio/awesome-python-security
GitHub
GitHub - guardrailsio/awesome-python-security: Awesome Python Security resources 🕶🐍🔐
Awesome Python Security resources 🕶🐍🔐. Contribute to guardrailsio/awesome-python-security development by creating an account on GitHub.
Fake COVID-19 Contact Tracing Apps
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
Anomali
Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
Trend Micro
Phishing Attacks from Earth Empusa Reveal ActionSpy
We identified an undocumented Android spyware we have named ActionSpy while tracking Earth Empura, also known as POISON CARP/Evil Eye. The campaign is reportedly targeting Uyghurs by compromising their Android and iOS mobile devices.
Cryptojacking In Mobile Devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
SecureBlitz Cybersecurity
Risks Of Cryptojacking In Mobile Devices
Here, we will address cryptojacking in mobile devices. We’ll dive into what cryptojacking is, how to detect it, and how to prevent it. Crypto mining is one
Jailbreaking Apple TV 4K
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
ElcomSoft blog
Jailbreaking Apple TV 4K
Is jailbreaking an Apple TV worth it? If you are working in the forensics, it definitely is. When connected to the user's Apple account with full iCloud access, the Apple TV synchronizes a lot of data. That data may contain important evidence, and sometimes…
A survey of recent iOS kernel exploits
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
Blogspot
A survey of recent iOS kernel exploits
Posted by Brandon Azad, Project Zero I recently found myself wishing for a single online reference providing a brief summary of the high...
Security & Privacy Risks of Mobile Contact Tracing Apps
https://arxiv.org/pdf/2006.05914.pdf
https://arxiv.org/pdf/2006.05914.pdf
Frida Boot - A binary instrumentation workshop, with Frida, for beginners!
https://github.com/leonjza/frida-boot
Workshop video: https://youtu.be/CLpW1tZCblo
Slides: https://docs.google.com/presentation/d/1BK4CsGChSKI8BCVsg9Rlv0lY5AfsrbanhIRWnKaP0TI/edit
https://github.com/leonjza/frida-boot
Workshop video: https://youtu.be/CLpW1tZCblo
Slides: https://docs.google.com/presentation/d/1BK4CsGChSKI8BCVsg9Rlv0lY5AfsrbanhIRWnKaP0TI/edit
GitHub
GitHub - leonjza/frida-boot: Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners! - leonjza/frida-boot
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
https://youtu.be/BQWcUjzxJE0
https://youtu.be/BQWcUjzxJE0
YouTube
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Have you been wondering about how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing.…
Vulnerabilities in LTE and 5G networks 2020
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
Positive-Tech
Threat vector: GTP. Vulnerabilities in LTE and 5G networks 2020
With new 5G networks, mobile operators face numerous challenges. One of them is the GTP protocol, used alongside SS7 and Diameter on core networks to transmit user and control traffic. Stay ahead of the curve with knowledge and preparation. Download the «Threat…