A Review of the Best News of the Week on AI, IoT, & Mobile Security

Taking down Gooligan part 3 — monetization and clean-up (Elie Bursztein – Google, Mar 27 2018)
This post provides an in-depth analysis of Gooligan monetization schemas and recounts how Google took it down with the help of external partners.

Too many IoT smartphone apps making life easy for online criminals (Graham Cluley, Mar 29 2018)
Warnings have been raised again about the security of the smartphone apps used to control IoT devices, with many found to be lacking elementary security and privacy measures. Researchers at Pradeo Lab looked at a representative sample of 100 mobile applications used to control a variety of IoT devices, including thermostats, electric blinds, and baby monitors.

Apple puts privacy information screens in users’ line of sight (Help Net Security, Mar 30 2018)
Apple has released the latest round of updates for its various products. They come with the usual security fixes, but also a new feature aimed at informing users about what information Apple-made apps collect about them and how that information is used.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

HPE-Aruba Expands Use of AI for Edge Computing Analytics, Security (eWEEK, Mar 28 2018)
At the company’s Atmosphere event, executives announce NetInsight for network monitoring and the acquisition of Cape Networks with its AI-based application monitoring tool.

Microsoft Excel Gains New AI-Powered Data Types (eWEEK, Mar 31 2018)
The latest Office 365 updates from Microsoft include new Excel data types that borrow from Bing’s intelligent search features.

Reducing the impact of AI-powered bot attacks (CSO Online, Apr 02 2018)
…enhanced captcha breaking systems, faster identification of vulnerabilities in existing defense systems, faster creation of new malware which can avoid detection, and more effective selection of phishing targets by collecting and processing information from a large number of different public domain sources.

Public Hearing on IoT Risks (Schneier on Security, Apr 03 2018)
The US Consumer Product Safety Commission is holding hearings on IoT risks…

Using deception to gain enterprise IoT attack visibility (Help Net Security, Mar 28 2018)
IoT devices are not open to agents for direct prevention and detection defenses and communications should be encrypted. This makes deception defenses with decoys and services for IoT devices a logical choice. Internal post-breach attacks scanning and use known IoT device access credentials or service backdoors are lured to decoys and services for detection.

Axonius goes retro to see and secure all devices (Help Net Security, Mar 27 2018)
By integrating with customers’ existing management and security technologies and using an extensible plugin infrastructure to add custom logic, customers are able to get a unified view of all devices – both known and unknown.

Hacking intelligent buildings using KNX and Zigbee networks (Help Net Security, Mar 27 2018)
Yong Yang, HuiYu Wu and YuXiang Li of the Tencent Blade Team have concentrated on probing KNX, a network communications protocol for building automation that is often used in large public places (stadiums, hotels, airports) and industrial facilities, and Zigbee, communication protocol widely used in home automation systems.

Getting Ahead of Internet of Things Security in the Enterprise (Dark Reading, Mar 28 2018)
In anticipation of an IoT-centric future, CISOs must be rigorous in shoring up defenses that provide real-time insights across all network access points.

People are really worried about IoT data privacy and security—and they should be (Network World Security, Mar 28 2018)
A new study from the Economist Intelligence Unit (EIU) shows that consumers around the world are deeply worried about in how their personal information is collected and shared by the Internet of Things (IoT).

Research Reports Reveal Concerns About IoT Risks and Microsoft Flaws (eWEEK, Mar 31 2018)
New reports shed light on the current state of ransomware payouts and also reveals concerns about IoT cyber-risks.

New Android Cryptojacker Can Brick Phones (Dark Reading, Mar 28 2018)
A little CPU power can go a long way in a criminal application. That was the lesson of the Mirai botnet and now also a lesson being applied by a new cryptojacker mining Monero user the power of the Android phone.

HiddenMiner Stealthily Drains Androids for Monero Mining (Infosecurity Magazine, Mar 28 2018)
In one case, operators withdrew over $5,000 worth of Monero from one wallet.

Apple Releases iOS 11.3, macOS 10.13.4 Updates to Improve Security (eWEEK, Mar 31 2018)
Among the patches in the Apple operating system updates is one for a vulnerability that could enable unauthorized applications to log user keystrokes.