A Review of the Best News of the Week on AI, IoT, & Mobile Security
ParkMobile Breach Exposes License Plate Data, Mobile Numbers (Krebs on Security, Apr 12 2021)
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.
Joker Android Trojan Lands in Huawei AppGallery App Store (SecurityWeek, Apr 12 2021)
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.
Cybersecurity Firm Darktrace Plans London Stock-Market Listing (Bloomberg, Apr 12 2021)
The IPO is expected to value the company at about $3 billion to $4 billion, a person familiar with the matter said.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Microsoft Uses Machine Learning to Predict Attackers’ Next Steps (Dark Reading, Apr 12 2021)
Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move.
March to 5G could pile on heavier security burden for IoT device manufacturers (SC Media, Apr 09 2021)
The financial burden of compliance with piling security standards could force some device manufacturers to walk away from highly regulated buyers like the Pentagon.
5G IoT market size to reach $40.2 billion by 2026 (Help Net Security, Apr 12 2021)
The 5G IoT market size is projected to grow from $2.6 billion in 2021 to $40.2 billion by 2026, at a Compound Annual Growth Rate (CAGR) of 73.0% during the forecast period, according to MarketsandMarkets. 5G networks support high bandwidth, low latency, and massive device volumes with high mobility and low bandwidth, and low-power device estates across a wide range of technologies, including 4G/5G, satellite and Wi-Fi, and low-mid-high spectrum bands.
Name:Wreck Bugs Could Impact 100M IoT Devices (Infosecurity Magazine, Apr 13 2021)
Exploitation could deny service or enable remote code execution
Fake Netflix App Luring Android Users to Malware (SecurityWeek, Apr 07 2021)
Researchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages.
Google Patches Critical Code Execution Vulnerability in Android (SecurityWeek, Apr 07 2021)
The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.
Bug In Mac’s Default Text App Could Let Hackers Reveal Your IP Address (VICE, Apr 07 2021)
A security researcher found a bug that could have been exploited to reveal a target’s IP address.
Continuous mobile app security protects the business and spurs innovation (SC Media, Apr 08 2021)
Researchers found a vulnerability about two years ago in the Android versions of WhatsApp and Telegram that could let hackers manipulate media files sent via the apps. Today’s columnist, Brian C. Reed of NowSecure, offers some insights on how continuous mobile app security can protect companies from similar vulnerabilities.
How Your Phone Can Get Hacked for $16 (VICE, Apr 09 2021)
Our reporter got pwned so you don’t have to be.
No password required: Mobile carrier exposes data for millions of accounts (Ars Technica, Apr 09 2021)
Q Link Wireless made data available to anyone who knows a customer’s phone number.
Unofficial Android App Store APKPure Infected With Malware (Dark Reading, Apr 09 2021)
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
Over 90% of Organizations Hit by a Mobile Malware Attack in 2020 (Infosecurity Magazine, Apr 12 2021)
Check Point warns of MDM threats and chip-based bugs