A Review of the Best News of the Week on AI, IoT, & Mobile Security

A First Legislative Step in the IoT Security Battle (Lawfare, Aug 04 2017)
The bill seeks to use the federal government’s purchasing power to drive much-needed cybersecurity improvements in internet-connected devices. In addition, the bill would amend the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act to encourage research on device vulnerabilities. …

New Bill Seeks Basic IoT Security Standards (Krebs on Security, Aug 01 2017)
For example, the bill would require vendors of Internet-connected devices purchased by the federal government make sure the devices can be patched when security updates are available; that the devices do not use hard-coded (unchangeable) passwords; and that vendors ensure the devices are free from known vulnerabilities when sold…

Moving forward with machine learning for cybersecurity (CSO Online, Aug 03 2017)
Of the total survey population, only 30% of respondents claim to be very knowledgeable in this area. In other words, 70% of cybersecurity professionals really don’t understand where machine learning and AI fit…

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Tornado warning: Commingling of public and IoT clouds? (Fortinet Blog, Aug 07 2017)
Clouds are tricky things. It’s hard to tell where the foundations of a cloud reside. You could point at the physical infrastructure. Some of the best side-channel attacks target hardware. There is the operating system that runs everything. And there is the middleware, billing, hypervisors, drivers and web front ends. The potential attack surface of a cloud service provider (CSP) or consumption market platform is gigantic….

Clustering and Dimensionality Reduction: Understanding the “Magic” Behind Machine Learning (Imperva Blog, Aug 08 2017)
Understand the techniques behind machine learning how they can be applied to solve the specific problem of identifying improper access to unstructured data….

Five new threats to your mobile device security (CSO Online, Aug 01 2017)
I’m not sure these are “new”, but here they are: 1. Persistent enterprise-class spyware, 2. Mobile botnets, 3. Ad and click fraud, 4. IoT, and 5. Dead apps…

Cylance Bringing Enterprise Security Platform Technology to Home Users (eWEEK, Aug 04 2017)
Cylance Protect Home Edition debuts delivering artificial intelligence powered malware detection capabilities proven in the enterprise, to the home office….

Artificial Intelligence Taking a Bigger Role in Antimalware Technology (eWEEK, Aug 04 2017)
Artificial intelligence is taking on a bigger role in antimalware products. But it’s not foolproof and its clear cyber-criminals will soon use AI to make their malware stealthier….

Identifying Intrusive Mobile Apps Using Peer Group Analysis (Google Online Security Blog, Jul 12 2017)
Google analyzes privacy and security signals for each app in Google Play. They then compare that app to other apps with similar features, known as functional peers. Creating peer groups allows us to calibrate their estimates of users’ expectations and set adequate boundaries of behaviors that may be considered unsafe or intrusive.

Exposed IoT servers let hackers unlock prison cells, modify pacemakers (ZDNet, Jul 31 2017)
A researcher has found an often-misconfigured protocol puts sex toys, heart monitors, and even oil pipelines and particle accelerators at risk of attack….

How Darktrace’s AI detects metamorphic malware (Darktrace Blog, Aug 08 2017)
Darktrace observed the initial infection when three anomalous executables were transferred over plain text. The malware did not match any known threat signatures, allowing it to bypass the network’s perimeter controls….