AdFraud apps found on Google Play: 38 apps with 20M+ downloads
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
HUMAN Security
Beauty and the (Fraud) Beast - HUMAN Security
The White Ops Satori Threat Intelligence and Research Team identified and tracked an ad fraud operation of 38 applications. Discover what they all have in common.
This PIN Can Be Easily Guessed
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
this-pin-can-be-easily-guessed.github.io
This PIN Can Be Easily Guessed
A comprehensive study on the security and usability of user-chosen 4- and 6-digit smartphone unlock PINs.
Quark: Android Malware Scoring System
https://github.com/quark-engine/quark-engine
https://github.com/quark-engine/quark-engine
GitHub
GitHub - ev-flow/quark-engine: Quark Agent - Your AI-powered Android APK Analyst
Quark Agent - Your AI-powered Android APK Analyst. Contribute to ev-flow/quark-engine development by creating an account on GitHub.
Awesome Python Security resources
https://github.com/guardrailsio/awesome-python-security
https://github.com/guardrailsio/awesome-python-security
GitHub
GitHub - guardrailsio/awesome-python-security: Awesome Python Security resources 🕶🐍🔐
Awesome Python Security resources 🕶🐍🔐. Contribute to guardrailsio/awesome-python-security development by creating an account on GitHub.
Fake COVID-19 Contact Tracing Apps
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
Anomali
Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
Trend Micro
Phishing Attacks from Earth Empusa Reveal ActionSpy
We identified an undocumented Android spyware we have named ActionSpy while tracking Earth Empura, also known as POISON CARP/Evil Eye. The campaign is reportedly targeting Uyghurs by compromising their Android and iOS mobile devices.
Cryptojacking In Mobile Devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
-What Is Cryptojacking
-How Does Mobile Device Cryptojacking Work
-How To Detect Cryptojacking Attacks
-How To Prevent Cryptojacking On Your Mobile Device
https://secureblitz.com/risks-of-cryptojacking-in-mobile-devices
SecureBlitz Cybersecurity
Risks Of Cryptojacking In Mobile Devices
Here, we will address cryptojacking in mobile devices. We’ll dive into what cryptojacking is, how to detect it, and how to prevent it. Crypto mining is one
Jailbreaking Apple TV 4K
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
https://blog.elcomsoft.com/2020/06/jailbreaking-apple-tv-4k/
ElcomSoft blog
Jailbreaking Apple TV 4K
Is jailbreaking an Apple TV worth it? If you are working in the forensics, it definitely is. When connected to the user's Apple account with full iCloud access, the Apple TV synchronizes a lot of data. That data may contain important evidence, and sometimes…
A survey of recent iOS kernel exploits
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html
Blogspot
A survey of recent iOS kernel exploits
Posted by Brandon Azad, Project Zero I recently found myself wishing for a single online reference providing a brief summary of the high...
Security & Privacy Risks of Mobile Contact Tracing Apps
https://arxiv.org/pdf/2006.05914.pdf
https://arxiv.org/pdf/2006.05914.pdf
Frida Boot - A binary instrumentation workshop, with Frida, for beginners!
https://github.com/leonjza/frida-boot
Workshop video: https://youtu.be/CLpW1tZCblo
Slides: https://docs.google.com/presentation/d/1BK4CsGChSKI8BCVsg9Rlv0lY5AfsrbanhIRWnKaP0TI/edit
https://github.com/leonjza/frida-boot
Workshop video: https://youtu.be/CLpW1tZCblo
Slides: https://docs.google.com/presentation/d/1BK4CsGChSKI8BCVsg9Rlv0lY5AfsrbanhIRWnKaP0TI/edit
GitHub
GitHub - leonjza/frida-boot: Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners!
Frida Boot 👢- A binary instrumentation workshop, with Frida, for beginners! - leonjza/frida-boot
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
https://youtu.be/BQWcUjzxJE0
https://youtu.be/BQWcUjzxJE0
YouTube
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Have you been wondering about how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing.…
Vulnerabilities in LTE and 5G networks 2020
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
Positive-Tech
Threat vector: GTP. Vulnerabilities in LTE and 5G networks 2020
With new 5G networks, mobile operators face numerous challenges. One of them is the GTP protocol, used alongside SS7 and Diameter on core networks to transmit user and control traffic. Stay ahead of the curve with knowledge and preparation. Download the «Threat…
GrinningSoul: iOS emulator
Built from the ground up for bug bounty hunters, security researchers, and developers.
Coming Q3 2020
https://www.grinningsoul.com/
Built from the ground up for bug bounty hunters, security researchers, and developers.
Coming Q3 2020
https://www.grinningsoul.com/
How to dump Samsung Galaxy S7 boot ROM using known and fixed security vulnerabilities in Trustzone
https://fredericb.info/2020/06/exynos8890-bootrom-dump-dump-exynos-8890-bootrom-from-samsung-galaxy-s7.html
Source code: https://github.com/frederic/exynos8890-bootrom-dump
https://fredericb.info/2020/06/exynos8890-bootrom-dump-dump-exynos-8890-bootrom-from-samsung-galaxy-s7.html
Source code: https://github.com/frederic/exynos8890-bootrom-dump
fred's notes
exynos8890-bootrom-dump : dump Exynos 8890 bootROM from Samsung Galaxy S7
This post introduces a tool to dump Samsung Galaxy S7 bootROM using known and fixed security vulnerabilities in Trustzone. The source code is available on GitHub. Procedure We use a Galaxy S7 phone, with ADB access and root privileges. BootROM code is at…
FBI announcement: Increased Use of Mobile Banking Apps Could Lead to Exploitation
https://www.ic3.gov/media/2020/200610.aspx
https://www.ic3.gov/media/2020/200610.aspx
Intel agencies red-flag use of 52 mobile apps with links to China: Complete list
https://www.hindustantimes.com/india-news/intel-agencies-red-flag-use-of-52-mobile-apps-with-links-to-china-complete-list/story-B50Slf39aSnVOrCcS92l1N.html
https://www.hindustantimes.com/india-news/intel-agencies-red-flag-use-of-52-mobile-apps-with-links-to-china-complete-list/story-B50Slf39aSnVOrCcS92l1N.html
Hindustan Times
Intelligence agencies red-flag use of 52 mobile apps with links to China
The National Security Council Secretariat has backed the recommendation to block or discourage use of 53 mobile apps
Forwarded from The Bug Bounty Hunter
Intercepting Flutter traffic on iOS
https://blog.nviso.eu/2020/06/12/intercepting-flutter-traffic-on-ios/
https://blog.nviso.eu/2020/06/12/intercepting-flutter-traffic-on-ios/
NVISO Labs
Intercepting Flutter traffic on iOS
My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow along guide for ARMv7. This blogpost does the same for iOS. ⚠️ Update August 2022 ⚠️An upda…
Trump 2020 Campaign Exposed to Attack via App
https://www.websiteplanet.com/blog/trump-app-vulnerability-report/
https://www.websiteplanet.com/blog/trump-app-vulnerability-report/
Website Planet
Trump 2020 Campaign Exposed to Attack via App
Led by renowned cybersecurity analysts Noam Rotem and Ran Locar, our security research team recently discovered a security vulnerability in US