A Review of the Best News of the Week on AI, IoT, & Mobile Security

Zoom – any malicious website could enable camera (Jonathan Leitschuh – Medium, Jul 8 2019)
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

D-Link agrees to new security monitoring to settle FTC charges (Ars Technica, Jul 02 2019)
Agreement settles charges D-Link left users open to critical and widespread threats.

Huawei staff CVs reveal alleged links to Chinese intelligence agencies (The Telegraph, Jul 08 2019)
Huawei staff admitted to having worked with Chinese intelligence agencies in a “mass trove” of employment records leaked online, according to an analysis of the files.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

NIST Sets Draft Guidelines for Government AI (Dark Reading, Jul 08 2019)
This is the first formal step in writing the standards that will guide the implementation of AI technologies within the federal government.

Facebook, Instagram & WhatApp Outage Reveals AI Image Tags (Infosecurity Magazine, Jul 05 2019)
Users were shown grey boxes with text describing what was in the image

AI for Fraud Detection to Triple by 2021 (Infosecurity Magazine, Jul 08 2019)
Half of orgs plan to increase anti-fraud tech budgets over next two years

Toyota’s Car-Hacking Tool Now Available (Dark Reading, Jul 02 2019)
PASTA’ hardware and software kit now retails for $28,300.

IoT vendor Orvibo gives away treasure trove of user and device data (Naked Security – Sophos, Jul 03 2019)
Researchers at web privacy review service vpnMentor discovered the data in an exposed ElasticSearch server online. It contains two billion items of log data from devices sold by Shenzen, China-based smart IoT device manufacturer Orvibo.

Open Sesame! Zipato’s smart hub hacked to open front doors (Naked Security – Sophos, Jul 04 2019)
The Zipato controller has three critical security flaws which could be used together by hackers to open your home’s doors for you, according to researchers.

Patch Android! July 2019 update fixes 9 critical flaws (Naked Security – Sophos, Jul 03 2019)
Depending on when users receive it, this week’s Android’s July patch update will fix 33 security vulnerabilities, including 9 marked critical, and 24 marked high.

Huawei Remains Blocked From US 5G: White House Trade Advisor (SecurityWeek, Jul 02 2019)
China’s telecoms giant Huawei remains barred from the development of 5G wireless networks in the United States, a senior White House trade advisor said Tuesday.

Adware Gathers 9 Million Downloads in Google Play (SecurityWeek, Jul 02 2019)
A recently identified adware campaign has gathered over 9 million downloads via 111 infected applications distributed through Google Play, Trend Micro’s security researchers reveal.

The Latest iOS Update Will Fake Eye Contact in FaceTime (VICE, Jul 03 2019)
Apple can now correct your gaze to make it seem like you’re making direct eye contact over FaceTime, and it’s pretty creepy.

New ‘WannaHydra’ Malware a Triple Threat to Android (Dark Reading, Jul 03 2019)
The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.

7-Eleven Japanese customers lose $500,000 due to mobile app flaw (ZDNet, Jul 05 2019)
Hackers exploit 7-Eleven’s poorly designed password reset function to make unwanted charges on 900 customers’ accounts.

Scary Granny zombie game slurps credentials, spawns phishing attack (Naked Security, Jul 08 2019)
Halloween came a little early for some Android users this year after a horror-themed computer game was found stealing their account credentials and displaying potentially malicious ads.

Android App Publishers Won’t Take ‘No’ for an Answer on Personal Data (Dark Reading, Jul 08 2019)
Researchers find more than 1,000 apps in the Google Play store that gather personal data even when the user has denied permission.