A Review of the Best News of the Week on AI, IoT, & Mobile Security
Zyxel Flaw Powers New Mirai IoT Botnet Strain (Krebs on Security, Mar 20 2020)
“In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.”
Russia’s FSB wanted its own IoT botnet (Naked Security – Sophos, Mar 24 2020)
If you thought the Mirai botnet was bad, what about a version under the control of Russia’s military that it could point like an electronic cannon at people it didn’t like?
Surveillance Firm Says It’s Selling ‘Coronavirus-Detecting’ Cameras in US (Vice, Mar 24 2020)
Athena Security previously sold a system that it claims can detect weapons in video feeds. Now it says it’s applying a similar approach to spotting fevers.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How to Accelerate Machine-Learning Model Development in the Enterprise (eWEEK, Mar 23 2020)
An enterprise can take six to 18 months to deploy a single machine learning model to production. By that time, requirements can change, and time and energy are lost. Continuous development can be an answer to this problem.
AI efforts are maturing from prototype to production, but obstacles remain (Help Net Security, Mar 23 2020)
More than half of enterprises are in the “mature” phase of AI adoption – defined by those currently using AI for analysis or in production – while about one third are evaluating AI, and 15% report not doing anything with AI, an O’Reilly survey reveals. These numbers demonstrate growth when compared with O’Reilly’s 2019 report, which found just 27% of organizations in the “mature” adoption phase and 54% in the evaluation phase.
Darktrace’s co-CEO on trusting AI to fight cyberattacks on our behalf (The Next Web, Mar 23 2020)
Hacking Voice Assistants with Ultrasonic Waves (Schneier on Security, Mar 23 2020)
“I previously wrote about hacking voice assistants with lasers. Turns out you can do much the same thing with ultrasonic waves…”
Have you patched your IoT devices against the KrØØk Wi-Fi chip flaw? (Graham Cluley, Mar 23 2020)
Unpatched IoT gadgets, smartphones, tablets, laptops, Wi-Fi access points and routers with Broadcom chips are all at risk from the KrØØk vulnerability.
Google Advanced Protection users get new protections against Android malware (Help Net Security, Mar 19 2020)
Google has announced the rollout of two new non-negotiable security features for Android users who have also enrolled in the company’s Advanced Protection Program (APP). What is the Advanced Protection Program? In late 2017, Google decided to provide additional security for those who are at an elevated risk of targeted attacks – e.g., journalists, human rights and civil society activists, campaign staffers, people in abusive relationships, etc….
Android surveillanceware operators jump on the coronavirus fear bandwagon (Ars Technica, Mar 18 2020)
An 11-month-old surveillance campaign is the latest to exploit pandemic fears.
Android Surveillance Campaign Leverages COVID-19 Crisis (SecurityWeek, Mar 19 2020)
Amid numerous malicious attacks leveraging the current COVID-19 coronavirus crisis, security researchers have discovered an Android surveillance campaign targeting users in Libya.
Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps (Check Point Research, Mar 24 2020)
Although Google has taken steps to secure its Play store and stop malicious activity, hackers are still finding ways to infiltrate the app store and access users’ devices. Millions of mobile phone users have unintentionally downloaded malicious apps that have the ability to compromise their data, credentials, emails, text messages, and geographical location. For example, in February 2020, the Haken malware family was installed in over 50,000 Android devices by eight different malicious apps, all of which initially appeared to be safe.
Huawei employs arguments used by U.S. firms to challenge FCC crackdown on supply-chain security (Inside Cybersecurity, Mar 24 2020)
Chinese tech giant Huawei is citing arguments used by U.S. telecom and broadband companies to bolster its own challenge to the Federal Communications Commission’s efforts to force the replacement of China-sourced components from the nation’s networks in building out 5G systems.