A Review of the Best News of the Week on AI, IoT, & Mobile Security

Of ML and malware: What’s in store? (WeLiveSecurity, Sep 04 2018)
All things labeled Artificial Intelligence (AI) or Machine Learning (ML) are making waves, but talk of them in cybersecurity contexts often muddies the waters. A new ESET white paper sets out to bring some clarity to a subject where confusion often reigns supreme

Semi-annual balance of mobile security (WeLiveSecurity, Aug 29 2018)
For Android, malware detections were down 27% compared to the first half of 2017; for iOS, they decreased 15% compared to the same period last year

Air Canada confirms mobile app data breach, passport numbers were accessed (Help Net Security, Aug 30 2018)
Air Canada has suffered a data breach and is forcing a password reset on all 1.7 million users of its mobile app, though apparently only 20,000 of the mobile app accounts were accessed by the attackers.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Google’s weaponized AI hypocrisy problem (TheHill, Sep 04 2018)
Morgan Wright says while Google cancels a contract with our Department of defense, it ballyhoos its collaboration with Chinese scientists who routinely share their research with the Chinese military.

Artificial Intelligence Will Replace Tasks, Not Jobs (Forbes, Sep 04 2018)
Executives should be helping to reduce jobs in which AI and machine learning take over boring tasks, while humans spend more time with higher-level tasks.

Firestarter: Black Hat and AI… What Could Go Wrong? (Securosis, Aug 29 2018)
“we talk about how things have changed with the students we have in class, now that we’ve racked up over 5 years of running trainings on cloud security. then we delve into one of the biggest, and most confusing, trends… the mysteries of Artificial Intelligence and Machine Learning. Considering our opinions of natural intelligence, you might guess where this heads…”

Why Automation Will Free Security Pros to Do What They Do Best (Dark Reading, Aug 31 2018)
There are three reasons today’s security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.

Why the rise of AI makes “mental resilience” so important (CBS News, Sep 04 2018)
Author Yuval Harari presents and dissects some of the most pressing issues facing humanity in his new book, “21 Lessons for the 21st Century”

Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted (Krebs on Security, Sep 02 2018)
“Despite the havoc he supposedly wreaked, the accused hacker doesn’t seem to have been terribly knowledgeable about hacking,” Poulsen notes.

New Payment Tech, New Security Challenges (Infosec Island, Sep 04 2018)
Yet, it is well-known that jailbroken or rooted devices exist around the world and are easily masked from detection on a network. Payment apps must cope with this reality and keep data safe even on compromised devices, so the architecture used to build these applications becomes crucially important.

WhatsApp warns that Google Drive backups are not encrypted (Help Net Security, Aug 29 2018)
Facebook-owned WhatsApp has recently announced that, starting on November 12, 2018, Android users will be able to store their WhatsApp backups on Google Drive without the backup being counted toward Google Drive’s storage quota.

Android Devices Can Be Exploited With Decades Old-Telephone Tech (Wired, Aug 29 2018)
So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.

Hacked stalking app reveals victims’ photos, texts and location info (Naked Security – Sophos, Aug 30 2018)
Another mobile stalking app has been hacked, endangering both its customers and the victims that they spy on.

Android spyware BusyGasper has many features, but few known victims (SC Magazine, Aug 29 2018)
A newly discovered mobile malware implant nicknamed BusyGasper might leave some Android users breathless, if they knew about the unusual set of features the spyware uses to snoop on them.

Mobile Phishing Campaign Offered Free Flights (Infosecurity Magazine, Aug 31 2018)
Phishing scam offers free airfare when users share malicious link with WhatsApp contacts.

Android vulnerability exposes users data via WiFi (SC Magazine, Aug 31 2018)
Nightwatch Cybersecurity researchers identified a sensitive data exposure via Wifi Broadcast vulnerability in Android OS.

How Secure Are Popular Finance Apps on Google Play? (Infosec Island, Sep 04 2018)
“All of the finance apps we studied had at least one critical vulnerability, as well as medium and low security risks. ll of the finance apps we studied had at least one critical vulnerability, as well as medium and low security risks.”