HackDig : Dig high-quality web security articles for hacker

Mobile Threat Data Q2 2017

Zimperium is releasing its most recent summarized mobile threat data detected via our global enterprise customers. The data provides insight into what type of threats our customers are detecting by having the zIPS mobile threat defense app on corporate and BYO devices. zIPS enables companies to detect threats to mobile devices in real-time, so attacks via m
Publish At:2017-09-15 18:50 | Read:157 | Comments:0 | Tags:Mobile Threat Defense Threat Research

Your Guide to Mobile Threat Defense

“The signs are clear that mobile threats can no longer be ignored. Security and risk management leaders must familiarize themselves with mobile threat defense solutions and plan to gradually integrate them to mitigate mobile risks.”* *Gartner Market Guide for Mobile Threat Defense Solutions, Dionisio Zumerle, John Girard, 22 August 2017 Gartner r
Publish At:2017-09-13 11:35 | Read:196 | Comments:0 | Tags:Mobile Threat Defense Threat Research Gartner

ziVA: Zimperium’s iOS Video Audio Kernel Exploit

Follow @doadam Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver. The exploit will be covered in depth in my HITBGSEC talk held on August
Publish At:2017-08-24 04:35 | Read:342 | Comments:0 | Tags:iOS Threat Research IOS exploit

Fake Snapchat in Google Play Store

Introduction   Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for “Snapchat”. The fake version of Snapchat app is using “Snap Inc .” as Company Name, with a  ” .” appended to original name. Fake
Publish At:2017-08-11 02:50 | Read:453 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

Zimperium zLabs iOS Security Advisories

As part of zLab’s platform research team, I’ve tried to investigate an area of the kernel that wasn’t thoroughly researched before.  After digging into some of Apple’s closed-source kernel modules, one code chunk led to another and I’ve noticed a little-known module, which I’ve never seen before, called AppleAVE. AppleAVE 
Publish At:2017-07-21 00:15 | Read:300 | Comments:0 | Tags:iOS Threat Research AppleAVE vulnerability IOS

Threat Research: zTorg Trojan Variations

This Threat Research is about two variations of the zTorg mobile trojan recently discovered in Google Play by Kaspersky researcher, Roman Unucheck. In his blog post, Unucheck described the two variations as “Magic browser” and “Noise Detector”. According to Unucheck, “Magic browser” was uploaded to Google Play on May 15, 2017 and was
Publish At:2017-06-27 23:45 | Read:322 | Comments:0 | Tags:Threat Research

NDAY-2017-0103: Arbitrary kernel write in sys_oabi_epoll_wait

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) zNID: NDAY-2017-0103 CVE: CVE-2016-3857 Type: Elevation of Privileges Platform: Android < 6.0 Device type: Huawei MT7-UL00, Nexus 7 Zimperium protection: Detected the exploit without an update. Zimperium partners and customers do not need to take any
Publish At:2017-05-25 16:50 | Read:604 | Comments:0 | Tags:Android Mobile security Mobile Threat Defense N-Day Threat R

NDAY-2017-0101: iCloud Information Leak

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) zNID: NDAY-2017-0101 CVE: Unknown Type: Information Disclosure Platform: iOS < 10.3 Device type: iPhone, iPod iOS bulletin: https://support.apple.com/en-us/HT207617 Public release date: 25th of May, 2017 Credit: Anonymous Download Exploit (passwor
Publish At:2017-05-25 16:50 | Read:611 | Comments:0 | Tags:iOS Mobile security Mobile Threat Defense N-Day Threat Resea

NDAY-2017-0106: Elevation of Privilege in NVIDIA nvhost-vic driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) zNID: NDAY-2017-0106 CVE: CVE-2016-2434 Type: Elevation of Privileges Platform: Android 6.0.1 Device type: Nexus 9 Zimperium protection: Detected the exploit without an update. Zimperium partners and customers do not need to take any action to detect th
Publish At:2017-05-25 16:50 | Read:606 | Comments:0 | Tags:Android Mobile Threat Defense N-Day Threat Research

Mobile Device Threat Data – Q1 2017

14% of Devices Contain Malware 4% detected a Man-in-the-Middle Attack 1 of 3 Devices Not Running Latest Version Mobile devices are now standard computing platforms in businesses of all sizes. U.S. consumers now spend over 5 hours per day on mobile devices [1]. The average time spent per day on mobile devices has increased every quarter since users prefer t
Publish At:2017-05-18 18:55 | Read:535 | Comments:0 | Tags:Threat Research

Mobile Security Perceptions vs. Reality

47% of cybersecurity professionals saw a year over year increase in mobile device threats We’ve teamed up with LinkedIn’s 350,000+ Information Security Community to bring you real answers on mobile security. Late last year, the Information Security Community launched its 2nd annual mobile security survey to find out what the community had to say about mobile
Publish At:2017-05-13 10:00 | Read:563 | Comments:0 | Tags:Mobile security Threat Research Webinar

NDAY-2017-0105: Elevation of Privilege Vulnerability in MSM Thermal Driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosure
Publish At:2017-04-25 15:35 | Read:722 | Comments:0 | Tags:Android Mobile Malware Mobile security Threat Research Uncat

NDAY-2017-0102: Elevation of Privilege Vulnerability in NVIDIA Video Driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosur
Publish At:2017-04-25 15:35 | Read:628 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

Threat Research: FalseGuide

This Threat Research is about the recently (re)discovered “FalseGuide” threat found in Google Play. FalseGuide is form of malware that has been hidden in more than 40 game guide apps in Google Play since February 2017. According to reports, approximately 600,000 devices may have been infected before the known versions of the malware were removed from Google
Publish At:2017-04-25 15:35 | Read:564 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

Threat Research: Pre-Installed Android Malware

This Threat Research is about the recently discovered “Pre-installed Android Malware” threat. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, and Lenovo were found pre-loaded with 21 malware programs. The programs were part of two malware families: Loki and SLocker. The malicious apps were not part of
Publish At:2017-03-16 22:05 | Read:602 | Comments:0 | Tags:Android Threat Research

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud