A Review of the Best News of the Week on AI, IoT, & Mobile Security
What IT Leaders Expect from AI, ML in 2021 (eWEEK, Dec 15 2020)
Here are some perspectives from a selection of thought leaders across the IT world.
#BHEU: IoT Threat Hunting Detects Over One Billion Attacks (Infosecurity Magazine, Dec 11 2020)
Researchers show results of their IoT threat huntng framework
Fingerprint-Jacking’ Attack Technique Manipulates Android UI (Dark Reading, Dec 10 2020)
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How it Works: Machine Learning Against Email Phishing (Infosecurity Magazine, Dec 14 2020)
Phishing remains one of the most fraudulent tricks that can be found in malicious email traffic
Secure enclave protection for AI and ML (Help Net Security, Dec 15 2020)
You can’t swing a virtual bat without hitting someone touting the value of artificial intelligence (AI) and machine learning (ML) technologies to transform big data and human expertise. A new generation of businesses is promising to accelerate and automate decision making. Most countries, including the United States, view AI technology as critical to retaining or establishing global business leadership.
Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack (Help Net Security, Dec 09 2020)
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vulnerabilities may allow attackers to remotely compromise devices, execute malicious code, perform denial-of-service attacks, steal sensitive information or inject malicious DNS records to point a device to an attacker-controlled domain.
Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices (SecurityWeek, Dec 15 2020)
Vulnerabilities discovered in Medtronic’s MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device.
December 2020 Android Updates Patch 46 Vulnerabilities (SecurityWeek, Dec 09 2020)
A total of 46 vulnerabilities were addressed this week with the release of the December 2020 security updates for Android.
Contact-Tracing Apps Still Expose Users to Security, Privacy Issues (Dark Reading, Dec 10 2020)
Of nearly 100 apps tested, 40% have significant security issues, using either GPS locations or bespoke Bluetooth proximity detection to determine exposure.
Apple Patches Code Execution Flaws in iOS and iPadOS (SecurityWeek, Dec 14 2020)
Apple on Monday released a major point-upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities.