A Review of the Best News of the Week on AI, IoT, & Mobile Security

Germany to Consult US Over Huawei Security Fears: Merkel (SecurityWeek, Mar 12 2019)
German Chancellor Angela Merkel said Tuesday Berlin would consult Washington over using technology made by China’s Huawei in future mobile phone networks, following reports of US threats to reduce intelligence cooperation.

Research Firm Offers $3 Million for iOS, Android 0-Days (SecurityWeek, Mar 11 2019)
Vulnerability research firm Crowdfense has launched a new 0-day acquisition program and is promising payouts of up to $3 million for full-chain, previously unreported exploits.

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code (Motherboard, Mar 06 2019)
Very few people have heard of them, but “dev-fused” iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world.

#RSAC: AI – Lightning in a Bottle, or Burning Down the House? (Infosecurity Magazine, Mar 05 2019)
“What’s critical now is the impact of adversarial machine learning on malware classification and other cyber-defense models.” Clearly, we must recognize that using AI as the foundation of defense requires a different approach, said Grobman. “Understanding the cost of false positives is critical, because false positives can have catastrophic results.”

New study: The state of AI in the enterprise (Google Cloud Blog, Mar 01 2019)
A surprising 82 percent of our respondents told us they’ve already gained a financial return from their AI investments. But that return is not equal across industries. Technology, media, and telecom companies, along with professional services firms, have made the biggest investments and realized the highest returns. In contrast, the public sector and financial services, with lower investments, lag behind.

Machine Learning Can Use Tweets to Spot Critical Security Flaws (Wired, Mar 11 2019)
Researchers built an AI engine that uses tweets to predict the severity of software vulnerabilities with 86 percent accuracy.

McAfee shows how deepfakes can circumvent cybersecurity (VentureBeat, Mar 07 2019)
McAfee’s Steve Grobman and Celeste Fralick showed in a keynote speech at RSA that deepfakes can be used to craft visuals that didn’t happen.

#RSAC: How Machine Learning Can Bolster Email Threat Detection (Infosecurity Magazine, Mar 07 2019)
Machine learning is an important detection tool, but it’s not a silver bullet.

US Army clarifies its killer robot plans (Naked Security – Sophos, Mar 11 2019)
The US Army has been forced to clarify its intentions for killer robots after unveiling a new program to build AI-powered targeting systems last month.

Leaky ski helmet speakers expose conversations and data (Naked Security – Sophos, Mar 06 2019)
Chips 2.0 speakers are the perfect accessory for any on-trend skier. There’s just one problem: Everyone else can listen in too.

Windows IoT Core exploitable via ethernet (Naked Security – Sophos, Mar 05 2019)
Microsoft’s IoT version of Windows is vulnerable to an exploit that could give an attacker complete control of the system.

RSA – IoT security meets SMB (WeLiveSecurity, Mar 06 2019)
Some tips businesses can follow to get better at it without breaking the bank…

IoT Anomaly Detection 101: Data Science to Predict the Unexpected (Dark Reading, Mar 07 2019)
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Here’s how.

IoT devices using CoAP increasingly used in DDoS attacks (Help Net Security, Mar 08 2019)
The most common type of attack utilising many of these weapons is a reflective amplification attack, in which attackers spoof a target’s IP address and send requests for information to vulnerable servers; those servers then send amplified responses back to the victim’s IP address, overwhelming the capacity of the target’s servers.

#RSAC: Fixing the Mess of IoT Security (Infosecurity Magazine, Mar 11 2019)
A front-end vulnerability on a smart hot tub can control the temperature and the jets, but a back-end service provider delivers services to other devices like vehicles and medical equipment. How do we address these systemic flaws? It requires recognizing where the flaws are coming from, such as default credentials or not separating different clien

Hackable car alarms leave three million cars at risk of hijack (Graham Cluley, Mar 08 2019)
Millions of car owners were left at risk of having their vehicles stolen, because of the poor security of third-party app-connected car alarms.

As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits (Motherboard, Mar 07 2019)
Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000.

Companies Having Trouble Translating Security to Mobile Devices (Dark Reading, Mar 07 2019)
As more enterprise work takes place on mobile devices, more companies are feeling uneasy about the security of their mobile fleet, according to a new Verizon report.

Growing mobile cybersecurity incidents spur plans for increased security investment (Help Net Security, Mar 08 2019)
…according to the Verizon Mobile Security Index 2019 (MSI), 1 in 3 companies admitted they’d suffered a compromise in which a mobile device played a role. In fact, according to the Verizon report, the number of companies admitting they’d suffered a compromise in which a mobile device played a role went up from 27% in the 2018 report to 33% this time around.

Facebook phishing campaign hitting iOS users (SC Magazine, Mar 11 2019)
A new phishing campaign is targeting mainly iOS users, asking them to log in with their Facebook account and thereby give away their credentials. The report by Myki said the attackers create fake copies of legitimate sites to attract victims. The victim is then asked to log in using his or her social media credentials, such as Facebook.