Criminals may not have physical access to your device – but that won’t stop them from hacking your device remotely to steal sensitive and confidential data. The BYOD revolution is here to stay and enterprises need to adopt mobile security best practices that can help prevent cyberattacks like Shellshock, WireLurker, […]
All posts by Z Team
Posts by Z Team:
DoubleDirect – Zimperium Discovers Full-Duplex ICMP Redirect Attacks in the Wild
By: Esteban Pellegrino, Zuk Avraham, Patrick Murray and Rachel Ackerly. Zimperium Mobile Security Labs have investigated during the last year a dangerous type of attack technique in the wild being exploited by attackers. Aptly named “DoubleDirect,” this attack is a type of “Man-in-the-Middle” attack (MITM) enabling an attacker to redirect […]
2015 Mobile Security Predictions – Mobile Attacks Move Mainstream
As 2014 inches to an end, Zimperium Mobile Security Labs researchers are actively preparing to stay one step ahead of attackers in the ever changing mobile security threat landscape. Due to the growing mobile device market, and the recent wave of attacks like Shellshock, Poodle, WireLurker and DoubleDirect, the Zimperium […]
Nation-state attacks exist on iOS
Yesterday reports surfaced about China potentially using malware targeted at iPhone users to spy on Hong Kong protesters. Is it possible that a nation-state attack on an iOS device would be so bold as to use the words ODAY in its attack? Possibly… But what’s more important here is not […]
zANTI2 Shellshock Scanner Plugin
Today Zimperium released a new plugin for zANTI2, the “Shellshock Scanner” capable of detecting the Shellshock BASH vulnerability on both a local network IP address or a remote host. Once you select a target, the plugin will send multiple requests to popular CGI scripts to the host IP address. The […]
Shellshock – Find out if your mobile device is vulnerable
Today a new vulnerability was discovered called “Shellshock,” that targets BASH, a popular software widely used to control the command prompt on many *nix computers. Shellshock has the potential to wreak havoc on websites, web servers, PCs, routers and more because it enables hackers to gain complete control of an […]
LinkedIn 0day Vulnerability Puts Your Data at Risk
Today, corporate networks and websites face varying degrees of cyber-threats – ranging from widespread well-publicized threats like the recent Heartbleed bug, to those that are less well-known, but just as damaging, like “Man-in-the-Middle” (MITM) attacks. The latter cyber-threat threats are network attacks that allow hackers to intercept users’ internet communication, […]
Detection of TowelRoot & Exploits of CVE-2014-3153
Today we had the opportunity to see the engine of zIPS our Mobile IPS in action on a newly published vulnerability. As a reminder, we prefer complex problems, hence security on mobile devices is where we can think of out of the box ideas to solve security problems while […]
Mobile Security Updates
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox