Resources

The Mobile Watering Hole: How A Sip Leads to A Trojan Compromise

“Watering Hole” is a cyber attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker typically observes which websites or applications the group often uses and infects one or more of them with malware. Eventually, some members of the targeted group […]

WhatsApp Buffer Overflow Vulnerability: Under the Scope

Researcher: Chilik Tamir (@_coreDump)

Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This vulnerability was reportedly exploited in the wild, and it was designated as CVE-2019-3568. A previous post by Zimperium gave some preliminary information about the vulnerability, impacted WhatsApp products, an alleged […]

5 Must-Have Sections For Every Enterprise Mobile Security RFP – Must-Have #1: Advanced, Purpose-Built Threat Detection

Our first free webinar in our series of “The 5 Must-Have Sections for Every Enterprise Mobile Security Request For Proposal (RFP)” deals with Advanced, Purpose-Built Threat Detection, and took place on June 19, 2019. Mobile operating systems (OSs) are fundamentally different from other endpoint OSs. The reality is, mobile devices are now the […]

CVE-2019-8545: Vulnerability in IOHIDFamily.kext

Summary: A local user may be able to cause unexpected system termination or read kernel memory.

Details: In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (offset 0xE0 of the user client) is given to a function which assumes it is initialised (it should be initialised via external method 0 — IOHIDEventServiceFastPathUserClient::_open). Calling […]

Zimperium’s Compliance Webinar Series: CCPA Compliance for Mobile Devices – The 60% of Endpoints Often Unprotected

The California Consumer Privacy Act (CCPA) has been characterized as “the beginning of America’s General Data Protection Regulation (GDPR),” and its aim is to enhance privacy rights and consumer protection for residents of California. Businesses subject to CCPA must meet strict requirements relating to their use of personally identifiable consumer […]

Another Day, Another App Breach

They say it happens in threes. This time, the three are: Flipboard, the social sharing site and news aggregator, reset millions of user passwords after hackers gained access to its systems several times over a nine-month period; Developer platform Stack Overflow earlier this month confirmed a breach involving “a […]

Zimperium’s Compliance Webinar Series: NERC Compliance for Mobile Devices – The 60% of Endpoints Often Unprotected

NERC Critical Infrastructure Protection (CIP) is designed to secure the assets required for operating North America’s bulk electric system. Since mobile devices from smartphones to tablets are increasingly being used by technicians to service critical infrastructure, it’s vital to ensure organization’s mobile devices are NERC compliant – just as your […]
