Posts in "Threat Research"

How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry

Introduction Thousands of new malicious apps are being released for mobile devices every day. And thousands more variations of older malware are being released too. Unfortunately, many of these new/old threats are not being detected by the existing mobile malware technology. Organizations need next generation machine learning-based solutions that can effectively detect these unknown malware … Read More

The Unpatchable Checkra1n Exploit

Today, the “unpatchable” jailbreak known as  Checkra1n (Device Compatibility) was officially released and generally available. Checkra1n is unprecedented in potential impact with millions of devices at risk as a result of the extensive device and iOS targets. While this should concern anyone using any of the targeted devices or iOS versions, those using Zimperium’s zIPS … Read More

Malicious Websites Put iOS Devices At Risk

In an excellent and deep blog analysis, Ian Beer of Google’s Project Zero outlines five separate iOS exploit chains that were found on a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iOS 0-day. (For another watering hole attack example, please see our … Read More

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment … Read More

Zimperium’s “State of Enterprise Mobile Security” Report Says Every Enterprise has Mobile Security Threats and Attacks

  Mobile devices continue to be the target of attack at increasing rates.  There is a relatively simple explanation for this – in a typical organization today, 60% of the endpoints containing or accessing enterprise data are mobile; the majority of which do not have any security protection today. It is no longer a matter … Read More