A Review of the Best News of the Week on AI, IoT, & Mobile Security
UScellular Breach Allowed Hackers to Port Customer Phone Numbers (SecurityWeek, Jan 29 2021)
Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a data breach.
Wormable Android malware spreads via WhatsApp messages (WeLiveSecurity, Jan 26 2021)
“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app.
Apple Patches Three iOS Zero-Day Vulnerabilities (Dark Reading, Jan 27 2021)
New iOS 14.4 update available for iPhones and iPads.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
AWS is the first global cloud service provider to comply with the new K-ISMS-P standard (AWS Security Blog, Jan 25 2021)
“We’re excited to announce that Amazon Web Services (AWS) has achieved certification under the Korea-Personal Information & Information Security Management System (K-ISMS-P) standard (effective from December 16, 2020 to December 15, 2023).”
Artificial Intelligence Takes Center Stage Early in 2021 (eWEEK, Jan 28 2021)
AI is the most significant technology of the last 30 years, and its innovation is accelerating in the early part of 2021.
How AI powers safer video conferencing and collaboration (SC Media, Jan 28 2021)
Video conferencing tools like Zoom grew in importance during the pandemic last year. Today’s columnist, Devin Redmond of Theta Lake, writes about how AI will transform how security teams can more effectively manage these collaboration platforms.
Comparing different AI approaches to email security (Darktrace Blog, Feb 02 2021)
AI has fundamentally changed email security in recent years, but there is significant distinction to be made in the application of the technology which may determine genuine and future-proof protection from a backward-looking model incapable of catching novel attacks.
Global IoT in manufacturing market size to reach $1.0388 billion by 2026 (Help Net Security, Jan 27 2021)
The global IoT in manufacturing market size is projected to reach $1.0388 billion by 2026, from $567.2 million in 2020, according to Valuates Reports. Major factors driving the growth of IoT in manufacturing market size are the growing need for centralized monitoring and predictive maintenance of manufacturing infrastructure, agile production, operational efficiency, and increasing adoption of the cloud.
Firms with exposed IoT have a higher concentration of other security problems (SC Media, Jan 29 2021)
Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows. For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post…
CISOs increasingly focus on mitigating mobile security risks (Help Net Security, Jan 28 2021)
The emergence of the everywhere enterprise has shifted CISO priorities away from combating network security threats and towards mitigating mobile security risks, Ivanti reveals. 87% of CISOs surveyed agreed that mobile devices have become the focal point of their cybersecurity strategies, and 80% of CISOs stated that passwords are no longer an effective means of protecting enterprise data, as hackers are increasingly targeting remote workers and mobile devices.
Apple to Crack Down on Tracking iPhone Users in Early Spring (SecurityWeek, Jan 28 2021)
Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. The delay in its anticipated rollout aims to placate Facebook and other digital services that depend on such data surveillance to help sell ads.
Return to SMS as Security Feature (Infosecurity Magazine, Jan 28 2021)
Use of SMS as security feature grows by over 100% during pandemic
Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks (SecurityWeek, Jan 28 2021)
Apple has quietly added several anti-exploit mitigations into its flagship mobile operating system in what appears to be a specific response to zero-click iMessage attacks observed in the wild.
Many European CISOs Shift Focus to Mobile Security: Survey (SecurityWeek, Jan 28 2021)
A majority of chief information security officers (CISOs) in Europe said their cybersecurity strategy now focuses on mobile devices as a result of employees increasingly working remotely due to the pandemic, IT management and cybersecurity solutions provider Ivanti said in a report published this week.
New iMessage Security Features (Schneier on Security, Jan 29 2021)
Apple has added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.
Google Play bans open source Matrix client Element, citing “abusive content” (Ars Technica, Jan 30 2021)
Banning a Matrix client for content is really no different from banning a Web browser.
Securing BYOD at the height of the work-from-home era (SC Media, Feb 01 2021)
Underscoring the global nature of the pandemic, a Madagascar man works from home last year on a laptop. Today’s columnist, Darren Guccione of Keeper Security, offers tips for organizations to lock down BYOD devices during the work-from-home era.
Artist Tricks TikTok Into Hosting a 71 Minute-Long Video (VICE, Jan 29 2021)
TikTok took down an artist’s feature film-length post because it violated its “community guidelines.”
Apple Fixes One of the iPhone’s Most Pressing Security Risks (Wired, Jan 30 2021)
By hardening iMessage in iOS 14, the company has effectively cut off what had been an increasingly popular line of attack.
Facebook makes the case for activity tracking to iOS 14 users in new pop-ups (Ars Technica, Feb 01 2021)
In a new test, Facebook pre-empts Apple’s required prompt with its own.