On March 27, 2023, the Biden administration issued an Executive Order (EO) prohibiting government agencies from using and acquiring hacking tools, such as commercial spyware. According to senior administration officials, the order “is in­tended to grap­ple with the rapidly grow­ing and lu­cra­tive in­ternational mar­ket­place of cy­ber-in­tru­sion tools that can break into some­one’s phone—of­ten with mal­ware that doesn’t re­quire the vic­tim to click on a ma­li­cious link or at­tach­ment—and spy on them un­de­tected for months or years.” (source: Wall Street Journal). Yesterday, mobile spywa ..read more

As today’s reliance on mobile devices for sensitive activities such as banking and communication increases, the risks associated with mobile app attacks continue to skyrocket. As a result, mobile application security is more crucial than ever, affecting both developers and users alike. In conjunction with Riscure, Zimperium recently hosted an informative webinar titled, “Top Risks to Address in your Mobile Application Security Journey,” featuring industry experts Anis Hamdi from Riscure and Tim Hartog and Andrew Snyder from Zimperium. The session discussed the most common mobile app attack vec ..read more

The U.S. tax filing deadline this year is April 18, which is roughly 3 more weeks of open season for hackers looking to scam taxpayers. We have been warned of tax scams in the past, but the pandemic has forced consumers and businesses to reconsider how they file their taxes due to rising cybersecurity concerns. In 2022, the IRS reported that approximately 155 million tax returns were filed online. While online filing options have been available for years, mobile applications are making it easier than ever for taxpayers to file their returns–often in a matter of minutes. With mobile apps, users ..read more

In recent weeks, more news has come out about vulnerabilities affecting Apple devices. Here are some details about these discoveries and some important lessons to draw from this news. The Vulnerability In February, a researcher at Trellix announced the discovery of a “large new class of bugs” that affects iPhones, iPads, and Macs. Once an attacker gains access to a device, they can use this vulnerability to run code that bypasses code-signing safeguards. Through this exploit, an attacker could gain access to pretty much any assets on the victim’s device, including photos, call logs, text messa ..read more

Over the last few months, there has been a recent wave of attacks on the maker of Call of Duty. It was reported that in early December, game maker Activision was hacked in a smishing attack. The company confirmed the December 2nd hack in February after research group vx-underground broke the news on Twitter. According to reports, the attackers sent a malicious SMS message to several Activision employees, mimicking a two-factor authentication message. Although not all employees clicked on the link, one privileged user did, giving the threat actors access to internal documents, employee informat ..read more

We’re proud to announce that CRN®, a brand of The Channel Company, has named Zimperium to its annual Security 100 list. Recipients chosen for this year’s Security 100 list have been specifically selected by CRN editors for their outstanding channel-focused security offerings. The list serves as a comprehensive guide for solution providers, helping them to identify the top security vendors to team with as they build innovative solutions for their customers. “As the only mobile security platform purpose-built for enterprise environments, we take great pride in being named to this prestigious li ..read more

The demand for zero trust architectures has long been well understood. However, while the “why” is clear, it’s the “how” that’s far less straightforward. As they pursue a move to zero trust, many teams struggle with devising the specific tools, tactics, and approaches that are optimally aligned with their organizations. Read on to learn more about vital new resources that offer much-needed guidance for teams looking to adopt zero trust in their organizations. Introduction: The Pressing Demands for Zero Trust The need for zero trust architectures continues to get more pressing as the notion of ..read more

In some realms, a 40% success rate may be okay. For a batter in baseball, it would be considered great. In security, though? Not so much. This post summarizes our recent webinar discussion with Rick Bosworth from SentinelOne about the emerging threats that unprotected mobile devices present to enterprises and why enterprise detection and response (EDR) solutions working in tandem with mobile threat defense (MTD) represent a critical requirement for today’s enterprises. Introduction: The Dangers Posed by Unprotected Mobile Devices For any security team, there’s a fundamental calculation th ..read more

Over the next few months, the Department of Defense (DoD) will start to incorporate Cybersecurity Maturity Model Certification (CMMC) requirements into its solicitations. This means that organizations in the Defense Industrial Base (DIB) that manage Controlled Unclassified Information (CUI) will soon need to establish capabilities for complying with these requirements and demonstrating these efforts in attestations and audits. To comply with these requirements, teams will need to institute robust mobile device security. In this post, we will provide some background on CMMC and the underlying s ..read more

When it comes to malware, efficacy is key. It can take just one missed malicious app to inflict a lot of damage. On the other hand, false positives are also problematic, given they can cause needless disruption of the user experience. In recent independent testing from AV-TEST, Zimperium’s mobile threat defense solution, zIPS, delivered top-tier results—better than 99% accuracy in about all scenarios. Read on to find out more about the tests and how zIPS fared. Introduction: The Criticality of Mobile Malware Detection When it comes to malware targeting mobile devices, the danger is real and gr ..read more