A Review of the Best News of the Week on AI, IoT, & Mobile Security

Machine Learning or AI? (Gartner Blog Network, Nov 28 2017)
“One of our clients was complaining about the “real Machine Learning” capabilities of a UEBA solution. According to them, “it was just rule based”. What do you mean by rule based? Well, for them, having to tell the tool that it needs to detect behavior deviations on the authentication events for each individual user, based on the location (source IP) and on the time of the event, is not really ML, but a rule based detection. I would say it’s both.”

Are your connected devices searchable on the Internet? (Help Net Security, Nov 29 2017)
Despite being a hub for technology talent, Berliners are leaving themselves wide open to cyberattack through poor security practices that are exposing millions of cyber assets. The data, based on analysis of devices and systems discoverable through Shodan, the search engine for connected devices, found over 2.8 million exposed cyber assets in Berlin, and 2.5 million in London across firewalls, webcams, routers and storage devices.

Additional protections by Safe Browsing for Android users (Google Online Security Blog, Dec 01 2017)
The Google Safe Browsing team has expanded enforcement of Google’s Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android. As part of this expanded enforcement, Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


Google AI lets phone owners know about shoulder surfers (Naked Security – Sophos, Nov 29 2017)
Researchers’ system halts a text conversation, shows a face peering over your shoulder, and involves alarmingly pretty sparkles and rainbows!

Can machine learning be used to shore up cyber defenses? (CSO Online, Nov 27 2017)
The meteoric rise of malware has put us all at risk. We are engaged in a never-ending race with cybercriminals to protect systems, plug gaps, and eradicate vulnerabilities before they can gain access. The front line grows by the day as we share more data and employ new network-connected devices via the rise of the Internet of Things.

Criminals look to machine-learning to mount cyber attacks (SC Magazine, Nov 30 2017)
Cyber-criminals will use artificial intelligence and machine learning to outwit IT security and mount new forms of cyber-attacks, according to predictions made by McAfee.

Can AI eliminate phishing? (CSO Online, Dec 01 2017)
Phishing continues to plague consumers and businesses alike. Is artificial intelligence the answer to solving this persistent security headache?

Ghostery 8 Deploys Artificial Intelligence in the Fight Against Ad Trackers (Wired, Dec 05 2017)
With the release of Ghostery 8, the popular ad-blocker introduces artificial intelligence and Smart Mode, a whole new level of usability for beginners.

IoT Security | Endpoint Hardware Key Storage (Gartner Blog Network, Nov 28 2017)
While cryptographic algorithms fail from time to time as computational tools advance or analytical breakthroughs occur, failures of this nature are rare events. Key storage or management failures are the leading causes for cryptographic protection failure.

AWS allows customers to manage and protect IoT devices (Help Net Security, Nov 30 2017)
AWS IoT 1-Click, AWS IoT Device Management, AWS IoT Device Defender, AWS IoT Analytics, Amazon FreeRTOS, and AWS Greengrass ML Inference make getting started with IoT as easy as one click, enable customers to onboard and manage large fleets of devices, audit and enforce consistent security policies, and analyze IoT device data at scale.

The Rising Dangers of Unsecured IoT Technology (Dark Reading, Dec 04 2017)
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.

DDI is a critical component of IoT success (Network World Security, Dec 04 2017)
One tool that can help network operations meet the challenges of an environment where more and more things are being connected is DDI. DDI is actually a set of tools: DNS, DHCP, and IPAM (IP address management)

Samsung’s Mobile Device Bug Bounty Program Gets a Boost (Dark Reading, Nov 29 2017)
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.

Microsoft Edge Browser for Android, iOS Allows Quick Switch to PCs (eWEEK, Dec 01 2017)
Blurring the lines between smartphones and PCs, the new Edge browser for Android and iOS allow users to seamlessly shift their browsing habits between both device classes.

Google sued over iPhone ‘Safari Workaround’ data snooping (Naked Security – Sophos, Nov 30 2017)
Did you use an iPhone in the UK between 1 June 2011 and 15 February 2012? If so, you’re one of an estimated 5.4 million who may be in line for compensation.

Android Developer Tools Contain Vulnerabilities (Dark Reading, Dec 05 2017)
Several of the most popular cloud-based and downloadable tools Android developers use are affected.

Android’s December 2017 Patches Resolve Critical Flaws (SecurityWeek, Dec 05 2017)
The December 2017 Android security patches that Google released this week resolve 47 vulnerabilities, including 10 rated Critical severity. The patches affect a variety of platform components and were split in two packages, or security patch levels, as Google calls them.