Google Firebase messaging vulnerability allowed attackers to send push notifications to app users
https://abss.me/posts/fcm-takeover/
abss.me
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
TL;DR A malicious attacker could control the content of push notifications to any application that runs the FCM SDK and has its FCM server key exposed, and at the same time send these notifications to every single user of the vulnerable application!
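The practical check that follows from the write-up above is whether a build ships a server key at all. The scanner below is an added example and is not code from the abss.me post or from Firebase; it runs over decompiled resources or `strings` output and distinguishes a legacy FCM server key (which must never leave the backend) from the Firebase Web API key that every client legitimately embeds and that does not authorise sending notifications. The regex shapes and the length bounds are assumptions based on commonly observed key formats; the sample input is constructed, not a real leak.

```python
"""Scan app strings for an exposed FCM legacy server key (added example)."""
import re
from typing import Dict, List

# Assumed shape of a legacy FCM server key: "AAAA", 7 URL-safe base64 chars,
# a colon, "APA91b", then a long URL-safe base64 tail. Lengths are assumptions.
FCM_SERVER_KEY = re.compile(r"AAAA[A-Za-z0-9_-]{7}:APA91b[A-Za-z0-9_-]{100,}")

# Firebase/Google Web API key: "AIza" + 35 chars. It is meant to be shipped in
# clients and cannot send notifications, so it is reported only as context.
FIREBASE_WEB_API_KEY = re.compile(r"AIza[A-Za-z0-9_-]{35}")


def mask(secret: str) -> str:
    """Keep enough of the value to correlate a finding without logging the secret."""
    return secret[:8] + "..." + secret[-4:]


def scan(text: str) -> List[Dict[str, object]]:
    """Return one finding per key-like token, in line order.

    'fcm_server_key' findings are high severity: with that key an attacker can
    push arbitrary notifications to every installed instance of the app.
    """
    findings: List[Dict[str, object]] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in FCM_SERVER_KEY.finditer(line):
            findings.append({"line": line_no, "kind": "fcm_server_key",
                             "severity": "high", "value": mask(m.group(0))})
        for m in FIREBASE_WEB_API_KEY.finditer(line):
            findings.append({"line": line_no, "kind": "firebase_web_api_key",
                             "severity": "info", "value": mask(m.group(0))})
    return findings


def has_exposed_server_key(text: str) -> bool:
    """True if any legacy server key appears in the scanned strings."""
    return any(f["kind"] == "fcm_server_key" for f in scan(text))


# Constructed sample resembling `strings classes.dex` / strings.xml output.
# None of these values are real credentials.
SAMPLE_STRINGS = "\n".join([
    "com.example.app",
    "google_api_key=" + "AIza" + "S" * 35,                         # client key, expected
    "ic_launcher_round",
    "fcm_server_key=" + "AAAA" + "Q" * 7 + ":APA91b" + "w" * 140,  # must never ship
    "gcm_defaultSenderId=123456789012",
])

if __name__ == "__main__":
    for finding in scan(SAMPLE_STRINGS):
        print(f"line {finding['line']}: {finding['kind']} "
              f"[{finding['severity']}] {finding['value']}")
    print("exposed server key:", has_exposed_server_key(SAMPLE_STRINGS))
```

Run it against the output of `strings` on the unpacked APK or against a decompiled resources directory. A hit on the `AAAA…:APA91b…` pattern is the condition the write-up describes; a hit only on `AIza…` is not a server-key exposure and should not be reported as one.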
Write-up for Samsung SCTF’s Android Reverse Engineering Challenge https://link.medium.com/sZIupscha9
Medium
Vault 101 : Samsung CTF Android Reverse Engineering Challenge Write-up
Write-up for SCTF’s Android Reverse Engineering Challenge: Vault 101 using pure static analysis based reverse engineering and custom…
Samsung 'Find My Mobile' vulnerability report
https://char49.com/articles/malicious-apps-could-take-over-samsung-devices
Detailed report: http://char49.com/tech-reports/fmmx1-report.pdf
Mintegral SDK - The malicious code uncovered in iOS versions of the SDK from the Chinese mobile ad platform
https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/
Snyk
SourMint: Malicious code, ad fraud, and data leak in iOS | Snyk
The Snyk research team has uncovered malicious code used for ad fraud in a popular Advertising SDK used by over 1,200 apps in the AppStore.
Part 2: Step-by-step iPhone Setup for iOS Research
https://www.mac4n6.com/blog/category/analysis
mac4n6.com
Stealing local files using Safari Web Share API (NOT FIXED!)
https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
blog.redteam.pl
Stealing local files using Safari Web Share API
Bypass PIN codes for Visa contactless payments
A successful attack requires four components: (1+2) two Android smartphones, (3) a special Android app developed by the research team, and (4) a Visa contactless card.
The entire idea behind the attack is that the POS emulator asks the card to make a payment, modifies transaction details, and then sends the modified data via WiFi to the second smartphone that makes a large payment without needing to provide a PIN (as the attacker has modified the transaction data to say that the PIN is not needed).
Info: https://www.zdnet.com/article/academics-bypass-pins-for-visa-contactless-payments/
Research: https://arxiv.org/pdf/2006.08249.pdf
Video demo: https://youtu.be/JyUsMLxCCt8
ZDNET
Academics bypass PINs for Visa contactless payments
Researchers: "In other words, the PIN is useless in Visa contactless transactions."
Transparent Tribe: Evolution analysis
Part 1: https://securelist.com/transparent-tribe-part-1/98127/
Part 2 (Android): https://securelist.com/transparent-tribe-part-2/98233/
Securelist
Transparent Tribe: Evolution analysis, part 1 | Securelist
Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013.
Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/
News, Techniques & Guides
Oversecured automatically discovers persistent code execution in the Google Play Core Library
The Google Play Core Library is a popular library for Android that allows updates to various parts of an app to be delivered at runtime without the participation of the user, via the Google API...
TERRACOTTA Android Malware: A Technical Study
https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study
HUMAN Security
TERRACOTTA Android Malware: A Technical Study - HUMAN Security
The Satori Threat Intelligence & Research Team takes a deep dive into the TERRACOTTA ad fraud operation and its sophistication.
Forwarded from The Bug Bounty Hunter
GitHub
GitHub - Soulghost/iblessing: iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering…
iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis ...
ThiefBot: A New Android Banking Trojan Targeting Turkish Banking Users
https://business.xunison.com/thiefbot-a-new-android-banking-trojan-targeting-turkish-banking-users/
Google removes Android app that was used to spy on Belarusian protesters
https://www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/
ZDNet
Google removes Android app that was used to spy on Belarusian protesters
App mimicked a popular anti-government news site and collected location and device owner details.
Mobile threat statistics for Q2 2020 by Kaspersky
https://securelist.com/it-threat-evolution-q2-2020-mobile-statistics/98337/
Securelist
IT threat evolution Q2 2020. Mobile statistics
According to Kaspersky Security Network, during the second quarter 1,245,894 malicious installers were detected and a total of 14,204,345 attacks on mobile devices were blocked.
India yesterday banned 118 Chinese apps
List of apps in the link
https://drive.google.com/file/d/1NRcC49uKIvwA4-sDmubC5aC2LmHggKoG/view
Android Permission (Notification Permission) Can Be Lethal [Android Malware Series]
https://youtu.be/PzhDEV7rpP0
YouTube
This Android Permission Can Be Lethal. [Android Malware Series]
In this video, I talk about how this Android permission (Notification Permission) can steal almost all private data from a victim's device without asking for any extra permission.
Much Android malware uses this permission to perform various tasks like stealing…
WhatsApp discloses six previously undisclosed flaws
https://www.whatsapp.com/security/advisories/2020/
WhatsApp.com
WhatsApp Security Advisories 2020
WhatsApp Security Advisories 2020 - List of security fixes for WhatsApp products
ARM64 Reversing and Exploitation
Part 1: http://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/
Part 2: http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-2-use-after-free/
Part 3: http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
Prateekg147
ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow
Hi Everyone ! In this blog series, we will be understanding the ARM instruction set and using that to reverse ARM Binaries followed by writing exploits for them. So let’s start with the basics of ARM64.