HackDig : Dig high-quality web security articles for hacker

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment of
Publish At:2019-09-19 14:33 | Read:72 | Comments:0 | Tags:Android App Security iOS Mobile Malware Mobile Security Mobi

The Bad, The Ugly & The Good of Mobile Phishing Protection

“The good, the bad and the ugly” is a well-known expression, but when it comes to mobile phishing, I suggest shifting the order. Let’s talk about the bad, the ugly and the good. The Bad: Mobile Takes Phishing from Bad to Worse Phishing is one of the most dominant attack techniques in cyber security.  Phishing has a very low barrier of entry, attacks can be
Publish At:2019-09-19 14:33 | Read:70 | Comments:0 | Tags:Mobile Security Mobile Threat Defense advanced mobile threat

New iOS Jailbreak Tools put Organizations at Risk

According to iDownloadBlog.com (iDB), “in an unforeseen turn of events, hacker Pwn20wnd released v3.5.0 of the unc0ver jailbreak tool to the general public Sunday morning with official support for iOS 12.4, the latest available firmware release from Apple with support for Apple Card.”  While users wanting to bypass existing Apple operating system precaution
Publish At:2019-09-19 14:33 | Read:57 | Comments:0 | Tags:Mobile Malware advanced mobile threat defense iOS malware mo

Malicious Websites Put iOS Devices At Risk

In an excellent and deep blog analysis, Ian Beer of Google’s Project Zero outlines five separate iOS exploit chains that were found on a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iOS 0-day. (For another watering hole attack example, please see our recent blog,
Publish At:2019-09-19 14:33 | Read:100 | Comments:0 | Tags:iOS Machine Learning Mobile Security Mobile Threat Defense T

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:4613 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS

APPLE-SA-2017-10-31-1 iOS 11.1

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-10-31-1 iOS 11.1iOS 11.1 is now available and addresses the following:CoreTextAvailable for: iPhone 5s and later, iPad Air and later, and iPodtouch 6th generationImpact: Processing a maliciously crafted text file may lead to anunexpected application terminationDescription: A denial of service issue
Publish At:2017-11-01 20:05 | Read:5386 | Comments:0 | Tags: IOS

APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-10-31-9Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:802.1XAvailable for: iPhone 5s and later, iPad Air and later, and iPodtouch 6th generationImpact: An attacker may be able to exploit weaknesses in TLS 1.0Description: A protocol security issue was addressed
Publish At:2017-11-01 20:05 | Read:3211 | Comments:0 | Tags: IOS

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:4121 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

iOS apps can access metadata revealing users’ locations and much more

Developer discovered that iOS apps can read metadata revealing users’ locations and much more, a serious threat to our privacy. The developer Felix Krause, founder of Fastlane.Tools, has discovered that iOS apps can access image metadata revealing users’ location history. Krause published a detailed analysis on the Open Radar community, he explai
Publish At:2017-09-28 18:26 | Read:3827 | Comments:0 | Tags:Breaking News Digital ID Hacking Mobile DetectLocations Exif

CISCO addressed several critical IOS flaws that expose devices to remote attacks

Cisco has released security updates for its IOS Operating System to fix more than a dozen critical and high severity vulnerabilities. Cisco has released updates for its IOS software to fix more than a dozen critical and high severity vulnerabilities that could be exploited by attackers to remotely take over company’s switches and routers. Giving a close loo
Publish At:2017-09-28 18:26 | Read:3399 | Comments:0 | Tags:Breaking News Hacking CISCO iOS RCE IOS

APPLE-SA-2017-09-25-4 Additional information for APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-25-4Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:BluetoothAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An application may be able to access restricted filesDescription: A privacy issue existed in the handling
Publish At:2017-09-26 11:15 | Read:3543 | Comments:0 | Tags: IOS

APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-19-1 iOS 11iOS 11 is now available and addresses the following:Exchange ActiveSyncAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An attacker in a privileged network position may be able toerase a device during Exchange account setupDescription: A vali
Publish At:2017-09-21 20:36 | Read:4303 | Comments:0 | Tags: IOS

APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-09-20-1 Additional information for APPLE-SA-2017-09-19-1 iOS 11iOS 11 addresses the following:Exchange ActiveSyncAvailable for: iPhone 5s and later, iPad Air and later,and iPod touch 6th generationImpact: An attacker in a privileged network position may be able toerase a device during Exchange acco
Publish At:2017-09-21 20:36 | Read:4457 | Comments:0 | Tags: IOS

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices

by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to ones th
Publish At:2017-09-19 00:55 | Read:4229 | Comments:0 | Tags:Mobile Apple iOS iOS Configuration Profile iXintpwn YJSNPI I

SEC Consult SA-20170913-1 :: Local File Disclosure in VLC media player iOS app

SEC Consult Vulnerability Lab Security Advisory < 20170913-1 >======================================================================= title: Local File Disclosure product: VLC media player iOS app vulnerable version: 2.7.8 fixed version: 2.8.1 CVE number: - impact: Medium homepage: https://itun
Publish At:2017-09-13 09:40 | Read:3119 | Comments:0 | Tags: IOS

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud