A Review of the Best News of the Week on AI, IoT, & Mobile Security
AI can alter geospatial data to create deepfake geography (Help Net Security, Apr 29 2021)
A fire in Central Park seems to appear as a smoke plume and a line of flames in a satellite image. Colorful lights on Diwali night in India, seen from space, seem to show widespread fireworks activity. Both images exemplify what a University of Washington-led study calls “location spoofing.” The photos – created by different people, for different purposes – are fake but look like genuine images of real places.
Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems (SC Media, Apr 30 2021)
The flaws affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others.
Apple reports 2 iOS 0-days that let hackers compromise fully patched devices (Ars Technica, May 03 2021)
Webkit flaws in just-released iOS 14.5 lets attackers execute malicious code.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How AI is Mishandled to Become a Cybersecurity Risk (eWEEK, Apr 29 2021)
The rapid evolution of artificial intelligence algorithms has turned this technology into an element of critical business processes. The caveat is that there is a lack of transparency in the design and practical applications of these algorithms, so they can be used for different purposes.
The Edge Pro Tip: Protect IoT Devices (Dark Reading, May 03 2021)
As Internet-connected devices become more prevalent in organizations, security issues increase as well.
BadAlloc’ Flaws Could Threaten IoT and OT Devices: Microsoft (Dark Reading, Apr 29 2021)
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
Lawyer Asks For New Trial After Cellebrite Vulnerability Discovery (VICE, Apr 27 2021)
“The Cellebrite evidence was heavily relied upon by the State in its argument, and was crucial to its case,” the motion reads.
“Since the trial, severe defects have been uncovered in the Cellebrite devices,” it adds, pointing to the findings from Signal.
FluBot Malware’s Rapid Spread May Soon Hit US Phones (Dark Reading, Apr 28 2021)
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
Worldwide 5G enterprise market to reach $10.9 billion by 2027 (Help Net Security, Apr 28 2021)
The 5G enterprise market is expected to grow from $2.1 billion in 2021 to $10.9 billion by 2027, at a CAGR of 31.8%, ResearchAndMarkets predicts. Sub-6 GHz to hold a major share of the 5G enterprise market Sub-6 GHz held a larger market share in 2020 as it offers an amalgamation of coverage and capacity benefits to 5G users.