A Review of the Best News of the Week on AI, IoT, & Mobile Security
Android Ransomware Has Picked Up Some Foreboding New Tricks (Wired, Oct 08 2020)
While it’s still far more common on PCs, new research shows that mobile ransomware has undergone a worrying evolution.
C&C Panels of 10 IoT Botnets Compromised by Researchers (SecurityWeek, Oct 09 2020)
At the Virus Bulletin Conference last week, two security researchers explained how they were able to compromise the command and control (C&C) panels of 10 Internet of Things (IoT) botnets.
How AI detected a hacker hiding in an energy grid within hours of deployment (Darktrace Blog, Oct 09 2020)
Darktrace’s AI can identify the subtle signs of threat, even when the initial intrusion occurs prior to its deployment. This blog shows how by looking at a critical real-world detection at a European energy organization.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Share today’s post on Twitter Facebook LinkedIn
In the era of AI, standards are falling behind (Help Net Security, Oct 13 2020)
According to a recent study, only a minority of software developers are actually working in a software development company. This means that nowadays literally every company builds software in some form or another. As a professional in the field of information security, it is your task to protect information, assets, and technologies.
Hacked Voice Remote Becomes Listening Device (Infosecurity Magazine, Oct 07 2020)
Vulnerability makes Comcast XR11 voice remote a listening device for bad actors
Most enterprises struggle with IoT security incidents (Help Net Security, Oct 09 2020)
The ongoing global pandemic that has led to massive levels of remote work and an increased use of hybrid IT systems is leading to greater insecurity and risk exposure for enterprises. According to new data released by Cybersecurity Insiders, 72% of organizations experienced an increase in endpoint and IoT security incidents in the last year, while 56% anticipate their organization will likely be compromised due to an endpoint or IoT-originated attack with the next 12…
How to Pinpoint Rogue IoT Devices on Your Network (Dark Reading, Oct 12 2020)
Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.
Chrome 86 delivers more security features for mobile users (Help Net Security, Oct 07 2020)
Google has released Chrome 86 for desktop and mobile, which comes with several new and improved security features for mobile users, including: New password protections Enhanced Safe Browsing Easier password filling Mixed form warnings and mixed downloads warnings/blocks
Android’s October 2020 Security Update Patches 48 Vulnerabilities (SecurityWeek, Oct 07 2020)
The October 2020 security updates for Android patch a total of 48 vulnerabilities, including critical-severity flaws that affect Qualcomm closed-source components.
Securing mobile devices, apps, and users should be every CIO’s top priority (Help Net Security, Oct 07 2020)
More than 80% of global employees do not want to return to the office full-time, despite 30% employees claiming that being isolated from their team was the biggest hindrance to productivity during lockdown, a MobileIron study reveals.
New Family of Deceptive Gaming Apps Discovered (Infosecurity Magazine, Oct 08 2020)
Researchers detect large family of gaming apps that deceive users with out-of-context ads
Microsoft Warns of Android Ransomware Abusing Notification Services (SecurityWeek, Oct 08 2020)
Microsoft warned users on Thursday that it has spotted a sophisticated piece of Android ransomware that abuses notification services to display a ransom note.
Latest Version of MalLocker Android Ransomware Packs New Tricks (Dark Reading, Oct 09 2020)
Like most such mobile malware, the new one doesn’t encrypt data but attempts to make an infected system impossible to use, Microsoft says.