A Review of the Best News of the Week on AI, IoT, & Mobile Security
Private Israeli spyware used to hack journalists, activists worldwide (WAPO, Jul 19 2021)
Military-grade spyware licensed by an Israeli firm to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and two women close to murdered Saudi journalist Jamal Khashoggi, according to an investigation by The Washington Post and 16 media partners.
IoT malware attacks rose 700% during the pandemic (Help Net Security, Jul 20 2021)
Zscaler released a study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment. The report analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked over the course of two weeks in December 2020 – a 700% increase when compared to pre-pandemic findings.
The Pentagon Is Bolstering Its AI Systems—by Hacking Itself (Wired, Jul 19 2021)
A new “red team” will try to anticipate and thwart attacks on machine learning programs
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
US to Seek Global Rules on AI misuse, Blinken Says (SecurityWeek, Jul 14 2021)
The United States will seek global rules on how to prevent misuse of artificial intelligence, Secretary of State Antony Blinken said Tuesday, as he renewed warnings against Russia over hacking.
3 million smiles during the pandemic – the retrospective (Elie on Internet Security and Privacy., Jul 16 2021)
Retrospective of my attempt to make people smile during the COVID pandemic by performing magic tricks online for 32 weeks in a row.
7 Ways AI and ML Are Helping and Hurting Cybersecurity (Dark Reading, Jul 19 2021)
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
WhatsApp Has a Secure Fix for One of Its Biggest Drawbacks (Wired, Jul 14 2021)
Starting with a beta that launches today, you’ll no longer have to route all your messages through your smartphone.
iOS zero-day let SolarWinds hackers compromise fully updated iPhones (Ars Technica, Jul 14 2021)
WebKit flaw was exploited when government officials clicked on LinkedIn messages.
Protect your smartphone from radio-based attacks (Help Net Security, Jul 19 2021)
By now, most of us are aware that smartphones are powerful computers and should be treated as such. It’s not a coincidence that most of the security tips given to smartphone users – such as refraining from opening suspicious links or downloading untrusted apps – also apply to PCs.
Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k (Help Net Security, Jul 20 2021)
Microsoft’s Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific vulnerabilities. Microsoft Teams: A popular business solution Microsoft Teams is an enterprise communication and collaboration platform that provides workspace one-on-one and group chat, videoconferencing, VoIP, file sharing and storage, and meetings.
Apple iPhone patches are out – no news if recent Wi-Fi bug is fixed (Naked Security – Sophos, Jul 20 2021)
Remember that weird iPhone Wi-Fi bug from a week or so ago? Let’s hope this update patches it!
Researchers: Apple Quietly Patched 0-Click Wi-Fi Code Execution Vulnerability in iOS (SecurityWeek, Jul 20 2021)
Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID.