A Review of the Best News of the Week on AI, IoT, & Mobile Security
How Police Can Crack Locked Phones—and Extract Information (Wired, Oct 23 2020)
A report finds 50,000 cases where law enforcement agencies turned to outside firms to bypass the encryption on a mobile device.
7 Mobile Browsers Vulnerable to Address-Bar Spoofing (Dark Reading, Oct 22 2020)
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says
AI catches Maze ransomware targeting a healthcare organization (Darktrace Blog, Oct 22 2020)
Attackers are targeting increasingly high-stakes environments with ransomware. This blog post explores how AI can be used to detect and autonomously neutralize machine-speed attacks – looking in particular at how Darktrace caught Maze ransomware targeting a healthcare organization.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How AI Will Supercharge Spear-Phishing (Dark Reading, Oct 21 2020)
To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own.
Organizations need to understand risks and ethics related to AI (Help Net Security, Oct 26 2020)
Despite highly publicized risks of data-sharing and AI, from facial recognition to political deepfakes, leadership at many organizations seems to be vastly underestimating the ethical challenges of the technology, NTT DATA Services reveals. Just 12% of executives and 15% of employees say they believe AI will collect consumer data in unethical ways, and only 13% of executives and 19% of employees say AI will discriminate against minority groups.
IASME Consortium to Kick-start New IoT Assessment Scheme (Dark Reading, Oct 21 2020)
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
Do Standards Exist That Certify Secure IoT Systems? (Dark Reading, Oct 20 2020)
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
Solving IoT device security at scale through standards (Microsoft Azure Blog, Oct 19 2020)
Edge Compute Node protection profile (ECN PP)—now available—guides you to engineer, claim, evaluate, and consume device security for IoT.
Infected IoT Device Numbers Surge 100% in a Year (Infosecurity Magazine, Oct 23 2020)
Nokia data reveals almost a third of devices are now compromised
Cybercriminals Could be Coming After Your Coffee (Dark Reading, Oct 23 2020)
Researchers show no IoT device is too small to fall victim to ransomware techniques.
#NCSAM: Organizations at Higher Risk of Cyber-Attacks Due to IoT Expansion (Infosecurity Magazine, Oct 27 2020)
The rapid expansion of IoT devices on orgs networks is adding to the risk of cyber-attack
As Smartphones Become a Hot Target, Can Mobile EDR Help? (Dark Reading, Oct 21 2020)
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
The Network: How a Secretive Phone Company Helped the Crime World Go Dark (VICE, Oct 22 2020)
Vince Ramos wanted Phantom Secure to be the Uber of privacy-focused, luxury-branded phones—flood the market with devices, and sort out the law later. Then the FBI investigated him.
US Insists on Need to Ban TikTok (SecurityWeek, Oct 26 2020)
US President Donald Trump’s administration has insisted on the need to ban TikTok due to national security concerns in a new court filing ahead of a plan to make the video app unavailable on November 12.