A Review of the Best News of the Week on AI, IoT, & Mobile Security

Vulnerabilities’ CVSS scores soon to be assigned by AI (Help Net Security, Nov 05 2018)
The National Institute of Standards and Technology (NIST) is planning to use IBM’s Watson to evaluate how critical publicly reported computer vulnerabilities are and assign an appropriate severity score.

Malware Targeting Smartphones via Three DSP Providers (Infosecurity Magazine, Oct 30 2018)
Three global demand side platform (DSP) providers were the recent targets of a malicious campaign involving third party code that enables smart malware delivery. The bad actor behind the campaign has been seen in millions of page views within the past three weeks.

Your Smartphone’s Location Data Is Worth Big Money to Wall Street (WSJ, Nov 02 2018)
They know where you are shopping. “Thasos says it can count the phone-carrying shoppers who ditch their regular grocers when a new Whole Foods opens, or gauge drilling activity by sizing up the crowds at oil-patch bars. By identifying the census block where each phone spends the night, Thasos algorithms estimate how far customers travel to malls and shoppers’ incomes.”


AI-Facilitated Product Aims to Stop Spear-Phishing Attacks (SecurityWeek, Oct 30 2018)
Phishing — from bulk spam phishing to more targeted spear-phishing and business email compromise (BEC) attacks — is the number one attack vector faced by business today.

RoboCops: AI on the rise in policing to predict crime and uncover lies (Naked Security – Sophos, Nov 01 2018)
As Motherboard reported in June, PredPol says its software can predict which crimes will happen in areas as small as 500×500 feet, based on historical crime data. That data is fed into an algorithm that spits out predictions of where similar crimes will occur next.

IoT device authentication options (Microsoft Azure Blog, Oct 24 2018)
“In this blog post, I’m going to discuss the authentication types supported by the Azure IoT Hub Device Provisioning Service and Azure IoT Hub. There are other authentication methods out there, but these are the ones we have found to be the most widely used.”

Most CIOs say IoT will become a major burden (Help Net Security, Nov 02 2018)
This is mostly because 78% of CIOs said there is a risk that their organization will roll-out IoT strategies without having a plan or solution in place to manage the performance of the complex cloud ecosystems that underpin IoT rollouts.

Securing Connected Cars: How to Create a Cost-Effective, Secure In-Vehicle Network Backbone (SecurityWeek, Nov 06 2018)
The U.S. Department of Transportation recently announced that the latest round of autonomous driving regulations will be released this summer. Dubbed AV 3.0, the new policy will set federal guidelines for how autonomous and assisted driving solutions need to work on public roads.

Children’s apps contain an average of 7 third-party trackers, study finds (Naked Security – Sophos, Nov 06 2018)
When it comes to tracking mobile app users, internet advertising companies like to start them young, according to a new University of Oxford study.

Fake Telegram Apps to Spy on Iranians (, Nov 06 2018)
Once installed, some of these Telegram “clones” have access to mobile devices’ full contact lists and messages, even if the users are also using the legitimate Telegram app. In the case of phony Instagram apps, the malicious software sends full session data back to backend servers, which allows the attacker to take full control of the account in use.

iOS Lockscreen Bypass Abuses New Group FaceTime Feature (SecurityWeek, Oct 31 2018)
Just hours after Apple announced the availability of a new FaceTime feature in iOS, iPhone enthusiast Jose Rodriguez, known for his YouTube channel videosdebarraquito, found a way to bypass a device’s lockscreen by abusing the newly introduced functionality.

Apple Patches Passcode Bypass, FaceTime Flaws in iOS (SecurityWeek, Oct 31 2018)
Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.

Spooky miasmic gas bricks hospital iPhones (mwah ha ha ha) (Naked Security – Sophos, Oct 31 2018)
Earlier this month, an IT admin at Morris Hospital near Chicago started receiving complaints that dozens of staff iPads, iPhones, and Apple Watches had suddenly stopped working.

Symantec Acquires Appthority, Javelin Networks (SecurityWeek, Nov 05 2018)
Symantec on Monday announced the acquisition of mobile application security firm Appthority and Active Directory protection company Javelin Networks.