Researcher: Chilik Tamir (@_coreDump) Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568. A previous post by Zimperium gave some preliminary information about the vulnerability, impacted WhatsApp products, an alleged […]
Our first free webinar in our series of “The 5 Must-Have Sections for Every Enterprise Mobile Security Request For Proposal (RFP)” deals with Advanced, Purpose-Built Threat Detection, and took place on June 19, 2019. Mobile operating systems (OSs) are fundamentally different from other endpoint OSs. The reality is, mobile devices are now the […]
As banks encourage us to move our money to mobile banking apps and cashless formats for convenience and speed, so does the threat of cybercrime. Today, cybercriminals target 63 percent of the banks in our study using specific malware campaigns to trick mobile users into surrendering their money and banking […]
Summary A local user may be able to cause unexpected system termination or read kernel memory. Details In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (Offset 0xE0 of the user client) is given to a function which assumes it is initialised (It should be initialised via external method 0 — IOHIDEventServiceFastPathUserClient::_open). Calling […]
The Business Intelligence Group today announced Zimperium’s zIAP as the winner of the 2019 Fortress Cyber Security Mobile Application Security Award. This is zIAP’s second consecutive win. The business award program identifies and rewards the world’s leading companies and products working to keep data and electronic assets safe among a […]
The California Consumer Privacy Act (CCPA) has been characterized as “the beginning of America’s General Data Protection Regulation (GDPR),” and its aim is to enhance privacy rights and consumer protection for residents of California. Businesses subject to CCPA must meet strict requirements relating to their use of personally identifiable consumer […]
They say it happens in threes. This time, the three are: Flipboard, the social sharing site and news aggregator, reset millions of user passwords after hackers gained access to its systems several times over a nine-month period; Developer platform Stack Overflow earlier this month confirmed a breach involving “a […]
In JPMorgan Chase’s 2018 annual report, CEO Jamie Dimon states in a widely read letter to shareholders the following. “The threat of cybersecurity may very well be the biggest threat to the U.S. financial system.” In April 2019, five of seven CEOs from the largest U.S. banks testified during House […]
It used to happen all the time. People actually carried a work phone and a personal phone. There used to be a real cost to how companies and their employees used their digital devices. Now, with inexpensive and unlimited use cellular plans, the financial concerns of using a personal device […]
In my first blog, I discussed why mobile devices are the likely choice for savvy attackers since they typically have no endpoint protection. Let’s understand what is on the device and how that can impact an enterprise/organization. The goal of an attacker that is targeting your organization, is not to […]
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox