Zimperium, the global leader in enterprise mobile security, will host a webinar titled, “Compliance and Mobile Devices: The Forgotten Endpoint.” Organizations in practically every industry, including financial services, retail, healthcare and more, are required to meet cybersecurity compliance requirements set by federal and state regulators. Penalties for non-compliance include massive fines in some cases, including: According … Read More
Follow @tamir_zb As part of our platform research in Zimperium zLabs, we recently disclosed a buffer overflow vulnerability affecting multiple Android DRM services to Google. Google classified it as high-severity, designated it as CVE-2017-13253 and have patched it in the March security update. In this blog post, we’ll cover the details of the vulnerability. First, … Read More
RedDrop is another in the long line of Android spyware apps. The malware has captured attention because of its ability to turn on microphones and exfiltrate sensitive data, but unfortunately that doesn’t make it unique. While there appears to be an elaborate network behind it, RedDrop is simply another Android spyware variant that utilizes well-known … Read More
Follow @fvrmatteo On February 26, 2018, we received a notification from the detection system about a malicious sample with a suspicious package and Play Store name. We quickly verified the automatic analysis and confirmed the sample was actively trying to scam users to download it instead of the original BBC News mobile app. Fake … Read More
Following my previous blog post titled “New Crucial Vulnerabilities in Apple’s bluetoothd daemon”, I am releasing the vulnerability PoC. The PoC is released for educational purposes and evaluation by IT Administrators and Pentesters alike, and should not be used in any unintended way. Furthermore, this PoC and any other related material, is published only after … Read More
