A Review of the Best News of the Week on AI, IoT, & Mobile Security
Judge allows suit against AT&T after $24 million crypto theft (Ars Technica, Jul 23 2019)
It’s usually not possible to reverse fraudulent cryptocurrency transactions.
Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor (SC Magazine, Jul 24 2019)
A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…
Why Huawei Matters (Privacy, Power, & Protection In The Cyber Century, Jul 29 2019)
It’s the second in my “Projectionist” series. The series is ultimately about power and the great forces and constraints shaping our world. I’m going to talk about 5G, Huawei, China and the consideration the UK and her allies are giving to the use of Huawei’s products in national mobile networks.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure (SecurityWeek, Jul 24 2019)
For manufacturers, improving security often means building better defenses against malware, botnets and other external threats. What may be further from their minds, however, are the threats that come from within the organization.
Mirai-Based Botnet Launches Massive DDoS Attack on Streaming Service (SecurityWeek, Jul 26 2019)
A Mirai-based botnet has recently launched a massive, 13-day long distributed denial of service (DDoS) attack on a single online service, Imperva reveals.
Four Arrested Over Hacking of Brazil Justice Minister’s Phone (SecurityWeek, Jul 23 2019)
Brazilian federal police arrested four people Tuesday over the hacking of cell phones belonging to Justice Minister Sergio Moro and prosecutors involved in a massive corruption probe.
Android Malware ‘Triada’ Most Active on Telco Networks (Dark Reading, Jul 25 2019)
Google in May disclosed that several Android devices had been shipped pre-installed with the RAT.
U.S. Warns of 5G Wireless Network Security Risks (SecurityWeek, Jul 24 2019)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an infographic underlining some of the risk factors associated with 5G wireless networks.
Intel’s smartphone modem business to be acquired by Apple (Help Net Security, Jul 28 2019)
Intel and Apple have signed an agreement for Apple to acquire the majority of Intel’s smartphone modem business. Approximately 2,200 Intel employees will join Apple, along with intellectual property, equipment and leases. The transaction, valued at $1 billion, is expected to close in the fourth quarter of 2019, subject to regulatory approvals and other customary conditions, including works council and other relevant consultations in certain jurisdictions.
Uptick in Ransomware, Mobile Banking Malware (Infosecurity Magazine, Jul 26 2019)
Attackers are finding success using old vulnerabilities in 2019.
Android Enterprise Receives ISO 27001 Stamp (SecurityWeek, Jul 26 2019)
Google this week has revealed that Android Enterprise has received ISO 27001 security certification.
Android ransomware is back (WeLiveSecurity, Jul 29 2019)
ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks
Black Hat Q&A: Cracking Apple’s T2 Security Chip (Dark Reading, Jul 30 2019)
Duo Labs’ Mikhail Davidow and Jeremy Erickson speak about their research on the Apple T2 security chip, and why they’re sharing it at Black Hat USA.
Fake Version of WhatsApp Giving ‘Free Internet’ (Infosecurity Magazine, Jul 29 2019)
A scam impersonating WhatsApp tricks users into spreading the fraudulent app in exchange for free internet.
Hackers target Telegram accounts through voicemail backdoor (Naked Security – Sophos, Jul 30 2019)
As politicians should know by now, secure messaging apps such as Telegram can quickly become a double-edged sword.
Listening in: Humans hear the private info Siri accidentally records (Naked Security – Sophos, Jul 30 2019)
Apple Watch and HomePod have the highest rate of inadvertent recordings, a whistleblower says.
Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage (Graham Cluley, Jul 30 2019)
Thankfully the vulnerabilities, which could most likely have been sold to an intelligence agency for millions of dollars, were responsibly disclosed to Apple in May so that they could be addressed and fixed within the 90-day disclosure deadline imposed by Google.