A potential security risk has been discovered on a large number of Android Smartphones as discovered by Nowsecure. Some of the latest devices, such as Samsung Galaxy S6, and Galaxy S5, come pre-loaded with a third-party keyboard app, SwiftKey, which fetches an update over unsecure and invalidated channel. This allows the […]
Currently browsing: Mobile Malware
Telegram App Store Secret-Chat Messages in Plain-Text Database
EDIT: The following post * was not on a rooted or jailbroken device *. In order to access the plain-text secret-chat database containing the messages, we used our implementation of CVE-2014-3153. The claims that the device is rooted / jailbroken are incorrect and misleading. I will start by quoting CryptoFail […]
Millions impacted by infected Android Apps
Millions of Android users have been impacted recently by malware masquerading as a card game called Durak, an IQ test and a history app. The discovery was made by Avast security researcher, Flip Chytry. The malware contains fake ads that pop-up whenever an unsuspecting user unlocks their device. The ads […]
The Real Mobile Threat Landscape
What Is a Mobile Threat? The sophistication and continuous evolution of advanced threats is a serious problem for modern enterprises. Mobile malware, malicious apps, targeted data-stealing attacks on iOS and Android devices are introducing new challenges for IT security. Like viruses and malware that can infect your PC, there are […]
Nation-state attacks exist on iOS
Yesterday reports surfaced about China potentially using malware targeted at iPhone users to spy on Hong Kong protesters. Is it possible that a nation-state attack on an iOS device would be so bold as to use the words ODAY in its attack? Possibly… But what’s more important here is not […]
zANTI2 Shellshock Scanner Plugin
Today Zimperium released a new plugin for zANTI2, the “Shellshock Scanner” capable of detecting the Shellshock BASH vulnerability on both a local network IP address or a remote host. Once you select a target, the plugin will send multiple requests to popular CGI scripts to the host IP address. The […]
JPMorgan Hacked: Wake Up Call For Enterprises to Secure Endpoints
Why $250 million didn’t protect JPMorgan from hackers… Late last month CBS Nightly News reported about a robbery at American’s biggest bank, JPMorgan. This attack was no ordinary hold-up. JP Morgan Chase fell victim to a targeted cyberattack, despite spending $250 million dollars on cybersecurity. According to the information disclosed […]
LinkedIn 0day Vulnerability Puts Your Data at Risk
Today, corporate networks and websites face varying degrees of cyber-threats – ranging from widespread well-publicized threats like the recent Heartbleed bug, to those that are less well-known, but just as damaging, like “Man-in-the-Middle” (MITM) attacks. The latter cyber-threat threats are network attacks that allow hackers to intercept users’ internet communication, […]
Mobile Security Updates
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox