Mobile devices continue to be the target of attack at increasing rates. There is a relatively simple explanation for this – in a typical organization today, 60% of the endpoints containing or accessing enterprise data are mobile; the majority of which do not have any security protection today. It […]
As the worldwide leader in mobile threat defense (MTD), no company protects more enterprise mobile devices than Zimperium. As a result, we have incredibly rich and unmatched forensic data about mobile device, network, phishing and app risks and attacks from all around the world. Based on popular demand, Zimperium held […]
“Watering Hole” is a cyber attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker typically observes which websites or applications the group often uses and infects one or more of them with malware. Eventually, some members of the targeted group […]
Researcher: Chilik Tamir (@_coreDump) Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568. A previous post by Zimperium gave some preliminary information about the vulnerability, impacted WhatsApp products, an alleged […]
Summary A local user may be able to cause unexpected system termination or read kernel memory. Details In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (Offset 0xE0 of the user client) is given to a function which assumes it is initialised (It should be initialised via external method 0 — IOHIDEventServiceFastPathUserClient::_open). Calling […]
A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. Zimperium zLabs will be creating a detailed blog soon, but we wanted to provide our readers with preliminary information now. What follows is a quick summary of the vulnerability. It has been rumored […]
Nicolás Chiaraviglio (@chiconara) We recently blogged about attacks perpetrated at WiFi networks in Barcelona before and during the 2019 Mobile World Congress (MWC). We found an astonishing amount: estimating more than 7,000 threats in less than four days. Furthermore, 25 percent of those threats were detected in hotels, and of those, 70 percent […]
Analysis & Post By: Alex Calleja (@alximw) Matteo Favaro (@fvrmatteo) Advertising and click fraud campaigns are one of the most common mobile malware-based monetization techniques. Although they are considered a lawful income source in most app markets, they can put the user’s privacy at risk and even cause economic damage. Once […]
Nicolás Chiaraviglio (@chiconara) (This post is a follow up of an earlier blog post) Last week, we released a blog warning about how hackers leverage massive events like the Mobile World Congress (MWC) to attack high profile corporates to steal company data. We showed the network attacks we detected last year in Barcelona, […]
Nicolás Chiaraviglio (@chiconara) The GSMA Mobile World Congress, taking place every year in Barcelona, is undoubtedly the most important event for the mobile industry – with an average attendance of more than 100k people each year. Every important company is represented, with salespeople and high ranking executives taking the chance to […]
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox