A Review of the Best News of the Week on AI, IoT, & Mobile Security

Pop-Up Mobile Ads Surge as Sites Scramble to Stop Them (Wired, Jan 08 2018)
Until ad networks vet what comes through more closely, those redirect ads aren’t going anywhere.

IoT malware targeting zero-day vulnerabilities (Help Net Security, Jan 12 2018)
First, they targeted IoT devices with default or weak passwords, and manufacturers and users began changing them. Then they used known vulnerabilities, and IoT vendors increased their efforts to push out patches. Now, some botmasters are making a concentrated effort to find unknown flaws they can exploit.

China firm to run Apple iCloud accounts (BBC News, Jan 16 2018)
A company linked to the Chinese government will operate the service in China from 28 February.




AI’s Biggest Impact in the Data Center is Cybersecurity (Data Center Knowledge, Jan 11 2018)
AI tools can handle more data than human security pros ever can and find anomalies that are invisible to humans.

Reading robots beat humans in Stanford test (CNNMoney, Jan 16 2018)
Artificial intelligence programs built by Alibaba and Microsoft just bested humans in a Stanford University reading comprehension test.

Automation – Why Only Now? (Gartner Blog Network, Jan 12 2018)
Why are we only seeing security operations automation and security testing automation technologies come to market now? I mean, automating workflows is not new technology, so why are these specific workflows only being automated now?

AI in Cybersecurity: Where We Stand & Where We Need to Go (Dark Reading, Jan 11 2018)
How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

France Might Vet Acquisitions of AI, Data Protection Firms (Dark Reading, Jan 12 2018)
Finance minister says country may add artificial intelligence and data security to list of nation’s strategically important, regulated sectors.

On-prem/Private IoT Platform Gotchas (Gartner Blog Network, Jan 10 2018)
There are problems that can only be solved by moving compute, storage and analytical capabilities close to or into the IoT endpoint. The key is including these issues in your architectural and operational strategies and avoiding having these issues become gotchas that derail your project.

Internet of Things security issues bleed into 2018 (Help Net Security, Jan 16 2018)
Their ubiquity and large numbers make them highly attractive targets. Yet, despite their growing numbers, IoT devices are relatively unprotected and make easy targets. The industry analyst firm Gartner Group has projected that approximately 21 billion IoT devices will be in use by the year 2020.

New Mirai Variant Targets Billions of ARC-Based Endpoints (Infosecurity Magazine, Jan 16 2018)
RISC-based ARC processors are widely used in IoT and embedded systems and said to be shipped in over 1.5 billion products each year. The new threat — named Okiru, which is Japanese for “wake up” — was first spotted by MalwareMustDie researcher @unixfreaxjp and touted as the first ever malware developed for ARC systems.

147 Security Vulnerabilities Found in ICS Mobile Applications (eWEEK, Jan 11 2018)
A new report from security firms IOActive and Embedi reveals that flaws in mobile industrial control system applications could be exposing industrial IT systems to risks.

Malware Displaying Porn Ads Discovered in Game Apps on Google Play (Check Point Blog, Jan 12 2018)
Check Point researchers have revealed new and nasty malicious code on the Google Play Store that hides itself inside roughly 60 game apps, several of which are intended to be used by children. According to Google Play’s data, the apps have been downloaded between 3 million and 7 million times.

Apps most frequently blacklisted by enterprise security teams (Help Net Security, Jan 10 2018)
Appthority released its Enterprise Mobile Security Pulse Report for Q4 2017, which details the apps most frequently blacklisted by enterprise mobility and security teams.

Android Malware Developed in Kotlin Programming Language Found in Google Play (SecurityWeek, Jan 10 2018)
Detected as ANDROIDOS_BKOTKLIND.HRX, the malicious program was masquerading as Swift Cleaner, a utility designed to clean and optimize Android devices. The application had between 1,000 and 5,000 installs when discovered.

WhatsApp Encryption Security Flaws Could Allow Snoops to Slide Into Group Chats (Wired, Jan 10 2018)
German researchers say that a flaw in WhatsApp’s group-chat feature undermines its end-to-end encryption promises.

Skygofree: Following in the footsteps of HackingTeam (Kaspersky Securelist, Jan 16 2018)
At the beginning of October 2017, Kaspersky discovered new Android spyware with several features previously unseen in the wild. In the course of further research, they found a number of related samples that point to a long-term development process. They believe the initial versions of this malware were created at least three years ago.