We don't need more InfoSec analysts: We need analysts to train AI infrastructures to detect attacks

We don’t need more InfoSec analysts: We need analysts to train AI infrastructures to detect attacks

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Everyone says there is an information security talent gap. In fact, some sources say the demand for security professionals exceeds the supply by a million jobs. Their argument is basically this: attacks are not being detected quickly or often enough, and the tools are generating more alerts than can be investigated, so we need more people to investigate those alarms.

Makes sense, right?

Wrong.

We believe that, even if companies aroaund the world miraculously hired a million qualified InfoSec professionals tomorrow there would be no change in detection effectiveness and we would still have a “talent gap.” The problem isn’t a people issue so much as it is an InfoSec infrastructure issue.

To read this article in full or to leave a comment, please click here

We don’t need more InfoSec analysts: We need analysts to train AI infrastructures to detect attacks

Android malware that can infiltrate corporate networks is spreading

Android malware that can infiltrate corporate networks is spreading

An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks.

DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday.

DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app.

To read this article in full or to leave a comment, please click here

Android malware that can infiltrate corporate networks is spreading

Bounty for iOS jailbreak exploit jumps to $1.5 million

Bounty for iOS jailbreak exploit jumps to .5 million

The value for zero-day exploits targeting Apple’s iOS software is jumping. On Thursday, a company called Zerodium began offering as much as US $1.5 million for them.

Zerodium is the same company that offered $1 million last year for an exclusive iOS zero-day exploit that can remotely jailbreak a device. However, that bounty was only temporary, and it was eventually awarded last November.

Zerodium’s new $1.5 million bounty is asking for a remote jailbreak exploit targeting iOS 10. The bounty will be offered all year long, Chaouki Bekrar, the company’s CEO, said in an email. The company’s original offer was a maximum of $500,000.

To read this article in full or to leave a comment, please click here

Bounty for iOS jailbreak exploit jumps to .5 million

The Yahoo hackers weren't state-sponsored, a security firm says

The Yahoo hackers weren’t state-sponsored, a security firm says

Common criminals, not state-sponsored hackers, carried out the massive 2014 data breach that exposed information about millions of Yahoo user accounts, a security firm said Wednesday.

Yahoo has blamed state actors for the attack, but it was actually elite hackers-for-hire who did it, according to InfoArmor, which claims to have some of the stolen information.   

The independent security firm found the alleged data as part of its investigation into “Group E,” a team of five professional hackers believed to be from Eastern Europe.

To read this article in full or to leave a comment, please click here

The Yahoo hackers weren’t state-sponsored, a security firm says