ZecOps - A Jamf Company

Demo: youtube.com/watch?v=g_8JVU…

In first, Israeli citizen found to have been infected by Pegasus twice in the past two years. Unclear why the man, who is active in the protests against Netanyhu, was targeted and by who. Forensics by @JamfSoftware @ZecOps @citizenlab haaretz.com/israel-news/se…

Attention all mobile users! 📱🚨 It’s important to stay informed about the latest threats to your device. Check out our latest blog post to learn about the evolution of mobile #spyware and how you can protect yourself. ow.ly/B6X050NKBYa #cybersecurity #JamfThreatLabs

Using Jamf to #automate more workflows can empower your organization to increase productivity without hiring new workers. Listen to what our customers have to say! If you need to do more with less, request a #trial of Jamf today. ow.ly/ZUWZ50M3HqN #ITAdmin #Apple #Tech

Introducing AWS Verified Access! This integration improves organizational #security by enhancing threat prevention measures and reducing the risk of data breaches, all while simplifying security controls. Learn more in our press release. ow.ly/KfAM50LR6FI

Welcome to the @ZecOps team! We are @JamfSoftware are so excited to work together to reimagine Management and Security for @Apple at Work — simplifying the workplace while securing the enterprise!

@rachelnauen @JamfSoftware Thank you @rachelnauen!

So excited to welcome the team into the @JamfSoftware fam - let's go!! jamf.com/blog/zecops-ac…

Exciting announcement: Jamf completes acquisition of ZecOps, extending its mobile security capabilities by adding advanced detections and incident response for iOS! jamf.com/resources/pres… @JamfSoftware

From #OBTS conference today: Ian Beer from @projectzero mentioned that CVE-2020-9907 was exploited in the wild. Thanks to @ZecOps @08Tc3wBB CVE-2020-9907 was reported to @Apple and patched, and will not be used against any iOS user that updated their device!

Are you ready #JamfNation? #JNUC2022 Together again

We announced plans to acquire @ZecOps, a leading mobile #security solution designed to discover and analyze the most sophisticated cyber attacks on mobile devices.

We are excited to join forces with @JamfSoftware to offer customers truly powerful mobile threat hunting capabilities without compromising the user experience or violating their personal privacy. Exciting times ahead! jamf.com/resources/pres… cc: @ihackbanme @deanhager

Don't have access yet? Contact us here zecops.com/contact/contac…

ZecOps for Mobile is now fully supporting iOS 16 (including Lockdown Mode!)

iOS 15.7 is out and it fixed CVE-2022-32917 which was likely exploited in the wild. Update as soon as you can. support.apple.com/en-us/HT213445

Please note: processes used as IOCs have limited value. In most cases, attackers can change the names. The folks from Amnesty Tech had done an impressive job in their research, and trying to prove anything due to a lack of clarification on uppercase/lowercase is ridiculous.

For clarity: Amnesty referred to 'Diagnosticd' with uppercase D. We referred to 'diagnosticd' with lowercase D. If you are seeing 'diagnosticd' in /usr/libexec it is a legitimate process. If you've observed 'Diagnosticd' in any folder, per Amnesty's note, it could be malicious.

[Pegasus IOCs Update] One of the Pegasus IOCs included a process named 'diagnosticd'. If you found this process on your phone: don't panic! This process is a default iOS process (located at /usr/libexec/diagnosticd).

@1njection Yes!

@ZecOps Could a malicious process still spoof the process name diagnosticd just by having a different absolute path?

Remember: WebKit+Kernel exploit that is delivered via AdNetwork == 0-click water-holing attack. For mobile devices specifically, it is (very) dangerous out there and 99.9% of device-owners and businesses don't even know what *processes* are running on your phones.

We see similar attacks often and can help to provide visibility to iPhones and iPads. Contact us here if you need help: zecops.com/contact/contac…

[IMPORTANT] Using an iPhone or iPad? make sure to update to the latest iOS and iPadOS that fixes two vulnerabilities that may have been exploited in the wild in one-click and potentially also zero-click attacks! More details on Apple's website: support.apple.com/en-us/HT213412