HackDig : Dig high-quality web security articles for hacker

Google sets Android security updates rules but enforcement is unclear

The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates. According to The Verge, Google’s latest contract will require OEMs to supply Android security updates for two years and provide at least four updates within the firs
Publish At:2019-09-19 23:05 | Read:39 | Comments:0 | Tags:Android Google Google Apps Google Play Store Security update

Android Ecosystem Security Transparency Report is a wary first step

Reading through Google’s first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again. Much of what is in the new Android ecosystem security report is data that has been part of Google’s annual Android Security Year in Review report, including the rates of potentially harmful a
Publish At:2019-09-19 23:05 | Read:2 | Comments:0 | Tags:Android Android security Google

Schubser and his cookie dealing friend

I actually forgot to post this in February, so I’m a little late but the topic is as current as it was back then. One week in February my colleague, Jan Girlich and me took some time to review our tools and make three of them available on github. Jan wrote a Proof of Concept (PoC) Android app that allows exploiting Java object deserialization vulnerabi
Publish At:2019-09-19 18:20 | Read:57 | Comments:0 | Tags:Coding Android deserialisation Firesheep Java MITM mod0cooki

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment of
Publish At:2019-09-19 14:33 | Read:76 | Comments:0 | Tags:Android App Security iOS Mobile Malware Mobile Security Mobi

The Bad, The Ugly & The Good of Mobile Phishing Protection

“The good, the bad and the ugly” is a well-known expression, but when it comes to mobile phishing, I suggest shifting the order. Let’s talk about the bad, the ugly and the good. The Bad: Mobile Takes Phishing from Bad to Worse Phishing is one of the most dominant attack techniques in cyber security.  Phishing has a very low barrier of entry, attacks can be
Publish At:2019-09-19 14:33 | Read:92 | Comments:0 | Tags:Mobile Security Mobile Threat Defense advanced mobile threat

The Clicking Bot Applications

Cyber crime, like any crime, has its motives; each malware has its own malicious profit. Spyware spies on you. Ransomware demands a ransom to decrypt your private digital data. Phishing Malware phishes for your username, password or account numbers. Installation-fraud achieves fake software installations. Ad fraud fraudulently represents online advertisement
Publish At:2017-11-07 10:45 | Read:39793 | Comments:2 | Tags:Analysts Android App Security Mobile Malware Threat Research

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:4628 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:4124 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

AhMyth Android RAT, another open source Android RAT Tool available on GitHub

The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. You just have to download and test it. The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. The malicious code is still in beta version, the AhMyth Android RAT consists of two par
Publish At:2017-10-23 18:55 | Read:4507 | Comments:0 | Tags:Breaking News Malware Mobile AhMyth Android RAT Android Hack

Validating Machine Learning Detection of Mobile Malware

Zimperium’s core machine learning engine, z9, has a proven track record of detecting zero-day exploits. We recently announced an extension of the framework that detects previously unknown mobile malware. This extension is known as “z9 for Mobile Malware”, and was officially announced in September 2017. Internally, the code name has been “Cogito”, so this res
Publish At:2017-10-21 13:50 | Read:4875 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

ZNIU, the first Android malware family to exploit the Dirty COW vulnerability

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to
Publish At:2017-09-27 05:25 | Read:4204 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android CVE-2016-51

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,
Publish At:2017-09-25 23:15 | Read:4766 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

Android Nougat’s worst anti-security mechanism

If you are a pentester like me, you are doing mobile application reviews on Android. One of the most important things to check is the server API. On the other hand we might want to see what possibilities a server has to influence the Android app with its responses. For both the easiest and most straight forward method is to do a Man-In-The-Middle attack in t
Publish At:2017-09-24 07:00 | Read:2939 | Comments:0 | Tags:Android Fails Android Nougat Burp CA install fail snakeoil s

New Android Banking Trojan Red Alert 2.0 available for sale on crime forums

Researchers discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. Researchers with security firm SfyLabs have discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. “The last several months a
Publish At:2017-09-19 13:05 | Read:4661 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Malware Android banking t

Premium SMS malware EXPENSIVEWALL infected millions of Android handsets

Google removed 50 malicious apps from the official Play Store after experts discovered a new malware, dubbed ExpensiveWall, eluded Google Bouncer checks. Google has removed 50 malicious apps from the official Play Store after experts with security firm Check Point discovered a new malware, dubbed ExpensiveWall,  eluded the checks of the Google’s Bounce
Publish At:2017-09-15 16:40 | Read:2616 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android ExpensiveWa

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud