Simjacker – Next Generation Spying

Over Your Mobile Device

(Note :The tag along video player and/or randomly inserted ad blocks or statements/links are not part of this article. They are aggravating and a hindrance to the continuity of the article.  I apologize for the aggravation. I have no control over their placement in the body of this article.)

TWiT Tech Podcast Network

9.17.19

Introducing: “Simjacker” a new SIM card flaw, discovered being actively exploited in the wild, which allows attackers to hijack any phone just by sending it an SMS message. Security Now’s Steve Gibson has all the details. Hosts: Leo Laporte, Steve Gibson

Watch the full episode of Security Now: https://twit.tv/sn/732 

You can find more about TWiT and subscribe to our full shows at https://twit.tv/shows/

Subscribe: https://twit.tv/subscribe      Products we recommend: https://twit.to/amazon

Follow us: https://twit.tv/

https://twitter.com/TWiT

https://www.facebook.com/TWiTNetwork

https://www.instagram.com/twit.tv/

Simjacker – Next Generation Spying

Over Mobile

12th Sep 2019, by Cathal McDaid

https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile

Today we are announcing the existence of the vulnerability and associated exploits that we call Simjacker.  We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance. Other than the impact on its victims, from our analysis, Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks. It represents a considerable escalation in the skillset and abilities of attackers seeking to exploit mobile networks.   

We will be giving technical details on Simjacker during the Virus Bulletin Conference, London, 3rd October 2019 but in this blog we will give an overview of Simjacker, how it works and who is potentially exploiting it, as well as why it is such a significant new type of attack.

Example of how Simjacker can track mobile phone location of vulnerable subscribers.

How it Works

At its simplest, the main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone , in order to retrieve and perform sensitive commands.

The attack begins when a SMS – that we term the Simjacker ‘Attack Message’ – is sent to the targeted handset. This Simjacker Attack Message, sent from another handset, a GSM Modem or a SMS sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM Card) within the device. In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the S@T Browser - that is on the UICC.  Once the Simjacker Attack Message is received by the UICC, it uses the S@T Browser library as an execution environment on the UICC, where it can trigger logic on the handset. For the main attack observed, the Simjacker code running on the UICC requests location and specific device information (the IMEI) from the handset. Once this information is retrieved, the Simjacker code running on the UICC then collates it and sends the combined information to a recipient number via another SMS (we call this the ‘Data Message’), again by triggering logic on the handset. This Data Message is the method by which the location and IMEI information can be exfiltrated to a remote phone controlled by the attacker.

During the attack, the user is completely unaware that they received the SMS with the Simjacker Attack message, that information was retrieved, and that it was sent outwards in the Data Message SMS – there is no indication in any SMS inbox or outbox. 

What makes this Attack work and why is it Special?

The attack relies both on these specific SMS messages being allowed, and the S@T Browser software being present on the UICC in the targeted phone. Specific SMS messages targeting UICC cards have been demonstrated before on how they could be exploited for malicious purposes. The Simjacker attack takes a different approach, and greatly simplifies and expands the attack by relying on the S@T Browser software as an execution environment. The S@T (pronounced sat) Browser – or SIMalliance Toolbox Browser  to give it its full name – is an application specified by the SIMalliance, and can be installed on a variety of UICC (SIM cards), including eSIMs. This S@T Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card. Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009, however, like many legacy technologies it is still been used while remaining in the background. In this case we have observed the S@T protocol being used by mobile operators in at least 30 countries whose cumulative population adds up to over a billion people, so a sizable amount of people are potentially affected. It is also highly likely that additional countries have mobile operators that continue to use the technology on specific SIM cards.

This attack is also unique, in that the Simjacker Attack Message could logically be classified as carrying a complete malware payload, specifically spyware. This is because it contains a list of instructions that the SIM card is to execute. As software is essentially a list of instructions, and malware is ‘bad’ software, then this could make the Simjacker exploit the first real-life case of malware (specificially spyware) sent within a SMS. Previous malware sent by SMS – such as the incidents we profiled here - have involved sending links to malware, not the malware itself within a complete message.

Beyond Location

However, the novelty and potential of Simjacker does not stop there. Retrieving a person’s location is one thing, but by using the same technique, and by modifying the attack message, the attacker could instruct the UICC to execute a range of other attacks. This is because using the same method the attacker has access to the complete STK command set, some examples of these STK commands are:

• PLAY TONE
• SEND SHORT MESSAGE
• SET UP CALL
• SEND USSD
• SEND SS
• PROVIDE LOCAL INFORMATION
  • Location Information, IMEI, Battery, Network, Language, etc
• POWER OFF CARD
• RUN AT COMMAND
• SEND DTMF COMMAND
• LAUNCH BROWSER
• OPEN CHANNEL
  • CS BEARER, DATA SERVICE BEARER, LOCAL BEARER, UICC SERVER MODE, etc
• SEND DATA
• GET SERVICE INFORMATION
• SUBMIT MULTIMEDIA MESSAGE
• GEOGRAPHICAL LOCATION REQUEST

By using these commands in our own tests, we were able to make targeted handsets open up web browsers, ring other phones, send text messages and so on. These attacks could be used to fulfil such purposes as

• Mis-information (e.g. by sending SMS/MMS messages with attacker controlled content)
• Fraud (e.g. by dialling premium rate numbers),
• Espionage (as well as the location retrieving attack an attacked device it could function as a listening device, by ringing a number),
• Malware spreading (by forcing a browser to open a web page with malware located on it)
• Denial of service (e.g by disabling the SIM card)
• Information retrieval (retrieve other information like language, radio type, battery level etc.)

It even may be possible to go even further – depending on handset type – which we will discuss in our VB2019 presentation. Worryingly, we are not the only people to think of these additional attacks, over the last few weeks and months we have observed the attackers themselves experiment with these different capabilities.

Finally, another benefit of Simjacker from the attacker’s perspective is that many of its attacks seems to work independent of handset types, as the vulnerability is dependent on the software on the UICC and not the device. We have observed devices from nearly every manufacturer being successfully targeted to retrieve location: Apple, ZTE, Motorola, Samsung, Google, Huawei, and even IoT devices with SIM cards. One important note is that for some specific attacks handset types do matter. Some, such as setting up a call, require user interaction to confirm, but this is not guaranteed and older phones or devices with no keypad or screens (such as IoT device) may not even ask for this.

Who is Doing this

The next question then is who is exploiting this, and why? We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals. As well as producing this spyware, this same company also have extensive access to the SS7 and Diameter core network, as we have seen some of the same Simjacker victims being targeted using attacks over the SS7 network as well, with SS7 attack methods being used as a fall-back method when Simjacker attacks do not succeed. So far, we have seen phone numbers from several countries being targeted by these attacks and we are very certain that individuals in other countries have also been targeted via Simjacker attacks. Using our collection of Signalling Intelligence (SIGIL) we were able to correlate this Simjacker-related SS7 activity with a group we have already detected attempting to attack targets via SS7 means around the world.

In one country we are seeing roughly 100-150 specific individual phone numbers being targeted per day via Simjacker attacks, although we have witnessed bursts of up to 300 phone numbers attempting to be tracked in a day, the distribution of tracking attempts varies. A few phone numbers, presumably high-value, were attempted to be tracked several hundred times over a 7-day period, but most had much smaller volumes. A similar pattern was seen looking at per-day activity, many phone numbers were targeted repeatedly over several days, weeks or months at a time, while others were targeted as a once-off attack. These patterns and the number of tracking indicates it is not a mass surveillance operation, but one designed to track a large number of individuals for a variety of purposes, with targets and priorities shifting over time. The ‘first use’ of the Simjacker method makes sense from this viewpoint, as doing this kind of large volume tracking using SS7 or Diameter methods can potentially expose these sources to detection, so it makes more sense to preserve those methods for escalations or when difficulties are encountered.

Blocking the Attacks and Thinking Long-term

In order to deal with this vulnerability, we and the mobile industry have been taking a number of steps.

1. We have been working with our own mobile operator customers to block these attacks, and we are grateful to their assistance in helping detect this activity.
2. We also communicated to the GSM Association – the trade body representing the mobile operator community – the existence of this vulnerability. This vulnerability has been managed through the GSMA CVD program, allowing information to be shared throughout the mobile community.
3. As part of this, information was also shared to the SIM alliance, a trade body representing the main SIM Card/UICC manufacturers and they have made new security recommendations for the S@T Browser technology.

In general, our recommendations for the mobile community to deal with the immediate threat is for mobile operators to analyse and block suspicious messages that contain S@T Browser commands. Mobile Operators could also try to change the security settings of UICCs in the field remotely, or even uninstall and stop using the S@T Browser technology completely, but this may be slower and considerably more difficult to do. However, this is very much only a first step, due to the greater implications of the Simjacker attacks.

The existence of Simjacker at all means that we need to radically alter our mindset when it comes to the security of mobile core networks. We believe that the Simjacker attack evolved as a direct replacement for the abilities that were lost to mobile network attackers when operators started to secure their SS7 and Diameter infrastructure. But whereas successful SS7 attacks required specific SS7 knowledge (and access), the Simjacker Attack Message require a much broader range of specific SMS , SIM Card, Handset, Sim Toolkit , S@T Browser and SS7 knowledge to craft. This investment has clearly paid off for the attackers, as they ended up with a method to control any mobile phone in a certain country, all with only a $10 GSM Modem and a target phone number. In short, the advent of Simjacker means that attackers of mobile operators have invested heavily in new attack techniques, and this new investment and skillset means we should expect more of these kinds of complex attacks.

As a consequence, this means that we, in the mobile security community also need to improve our capabilities. For mobile operators, this also means that relying on existing recommendations will not be sufficient to protect themselves, as attackers like these will always evolve to try to evade what is put in place. Instead mobile operators will need to constantly investigate suspicious and malicious activity to discover ‘hidden’ attacks. We can and should expect other vulnerabilities and attacks that also evade existing defences to be discovered and abused. As the attackers have expanded their abilities beyond simply exploiting unsecured networks, to now cover a very complex mix of protocols, execution environments and technologies to launch attacks with, Operators will also need to increase their own abilities and investment in detecting and blocking these attacks.

The Future

We are only scratching the surface of Simjacker in this article. In our presentation at Virus Bulletin Conference, London, on the 3rd of October 2019 we will give more details on the format of the attacks, what the attackers do to attempt to evade detection and how they operate their system, along with a flavour of what has been their reaction since their attacks have been detected and blocked. We will also give our view on what we believe these attacks will evolve into next. We expect a reaction from this news being made public and we will present on what (if any) the public revelations have on their malicious activity.

The Simjacker exploit represent a huge, nearly Stuxnet-like, leap in complexity from previous SMS or SS7/Diameter attacks, and show us that the range and possibility of attacks on core networks are more complex than we could have imagined in the past. Now is the time to make sure that we stay ahead of these attacks in the future.

News Wrap: IoT Radio Telnet Backdoor

And ‘SimJacker’ Active Exploit

Author:Lindsey O’Donnell

September 13, 2019  8:50 am

Threatpost editors Tara Seals and Lindsey O’Donnell talk about the top news stories of the week – from leaky databases to SIM card attacks.

Threatpost editors break down the biggest news stories of this week ended Sept. 13, including:

• Researchers warning that more than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors
• A Telnet backdoor opened more than 1 million Imperial Dabman IoT radios to hijack
• Wikipedia and World of Warcraft being crippled for days by weekend DDoS attacks
• Microsoft addressing two zero-days under active attack during Patch Tuesday
• Two leaky databases discovered with surprising twists – one owned by DealerLeads and the other by cybercriminals

For the full podcast see below, and for direct download click here.

Below is a lightly-edited transcript of this week’s news wrap podcast.

Lindsey O’Donnell: Hi, welcome to the Threatpost news wrap podcast. You’ve got Lindsey O’Donnell here with Threatpost and I’m here today with Tara Seals, editor at Threatpost. Tara, thanks for coming on today.

Tara Seals: Thanks for having me, Lindsey.

LO: Is it already mid-September? I feel like this month is just flying by.

TS: I don’t know where the time has gone. It’s really insane. It feels like we just got back from Black Hat. But that’s not that’s not even the case. That’s crazy.

LO: Right. It’s definitely going by quickly. So this week started off with a bang with that DDoS attack over the weekend that brought down Wikipedia and some other services. And then we had Patch Tuesday. So it’s been a lot, Tara, I know that we’ve both been working starting early on Monday.

TS: Yeah. Well, I know you covered the the World of Warcraft/Wikipedia DDoS attacks which I thought were interesting because you said that they were related, right?

LO: Yeah, that was, sounded like starting on Friday night a bunch of servers went down due to the DDoS attack. And those servers were hosting some Wikipedia projects, and then yes, it was a related attack behind the World of Warcraft Classic, they were also DDoS-ed. So I’m sure that there are a lot of pissed off gamers and then also pissed off people who just wanted to search for things on Wikipedia over the weekend.

TS: Yeah, absolutely. And, it’s impactful too when you start hitting the gamers where it hurts, that’ll end up with reactions, for sure.

LO: Right, especially over the weekend when you want to take some time off and just play but doesn’t sound like that happened.

TS: Yeah, Patch Tuesday was interesting, too. That was the other thing that kind of kicked off our week and I had written a story on that and basically it was pretty quiet, honestly, compared to most Microsoft updates. But the two main things were there were two elevation of privilege vulnerabilities that Microsoft revealed, were actually under active attacks, so they were being exploited as zero days before being publicly announced on Tuesday, but they’re both local privilege escalation flaws. So, even though they’re listed as critical and that it’s definitely an issue and people need to patch them, it definitely could be worse. It’s not like it’s remote code execution or something like that.

LO: They didn’t give too many details about those two zero days did they? I mean, it sounded like they kind of said what they were, but they didn’t give too much detail around what the actual attack consisted of and who the threat actors were behind it.

TS: Yeah, no, it’s true. I mean, they said that both newer and older supported Windows versions are impacted by them. But, you know, in terms of what an actual attack would look like, or what it would take in order to carry out a working exploit, it didn’t really release a whole lot of details.

LO: Speaking of active exploits, Tara, I don’t know if you saw the SimJacker article that I wrote on Thursday, but that was a really unique story that stuck out to me about kind of a big, massive scary attack.

TS: Yeah, well , I mean, I know it’s impacting I think you said a billion users, which is certainly an eye catching headline. What’s that all about?

LO: Yes. So the researchers said that the attack potential could reach a billion users. And that’s because the attack essentially stems from a vulnerability that was discovered on mobile SIM cards. And it’s being actively exploited to track phone owners’ locations or intercept calls, and do all these other malicious actions. And what was disturbing about the attack is that from what the researchers said, all an attacker would need to do would be to send an SMS message to victims who had SIM cards with a specific technology which is called S@T browser. So that’s why they call the attack SIMjacker, because you can essentially hijack these mobile phones that use the SIM cards that have these technologies in them. So the attack itself, it stems from the S@T browser, which is a technology that’s typically used for browsing within the SIM card. And it can be used for things on the phone, like opening your browser, playing ring tones or whatnot. And in regards to the attack itself, so researchers didn’t provide super specific details, and I’m sure that they’re saving the meat of the research for when they present about it at Virus Bulletin, which they will be doing in a few weeks. But from a high level, the attack works by threat actors being able to send messages to victims that use the S@T browser functionality, and that gives them the ability to trigger proactive commands that are sent to the mobile device. So what the messages contain – and and again, this is where they didn’t delve into too much detail – but they would contain a series of SIM kit instructions. And once the SMS message is received by the victim’s SIM card, it would then use the S@T browser library as almost an execution environment and send out kind of a range of commands like surveillance requests. So it would request for the mobile devices’ location. It would also give attackers the ability to intercept calls, or like set off the ringtone, or even send messages. So just a bunch of malicious activities there. And they said that it sounds like this has been exploited over the past two years. And so it sounds like this has just been something that has been massively exploited. And they’re just figuring that out now.

TS: One of the things that I thought was kind of interesting in your story was the fact that you said that a specific private company has been seen exploiting this company that works with governments that want to monitor individuals, which, that’s never a good thing. Did you have any more details on that? Or were they being pretty cagey about that?

LO: So they were very vague about the company. And it was interesting the language that they used throughout the research, I did reach out to the researchers at AdaptiveMobile Security, who are going to be presenting this at Virus Bulletin, to ask them a little bit more to expand a bit more on the threat actor. But yeah, so they would only say in the research that it was, this, as you say, “a specific private company, working with governments to monitor individuals.” They didn’t really go into too much detail further about what that specific company was, which would have been helpful, but I feel like maybe they were pointing to someone, I’d be curious to see if in the future they kind of come out and say who this company is because that’s a pretty serious move.

TS: Absolutely. Well, I’ll be at Virus Bulletin too. So I’m gonna definitely duck into that session and see if there are more details that emerge from that.

LO: Well, yeah, I wonder if they’re going to be if they gave that company some sort of warning or something, and maybe are going to be disclosing the name at Virus Bulletin, it makes me wonder, but definitely something to be looking out for. And one other interesting aspect of the story, too, is that researchers did say, as you mentioned, that this has the potential to impact over a billion mobile phone users globally. So I then went to GSMA and asked them for a comment on this because the researchers had said that they had disclosed the vulnerability to GSMA and GSMA kind of came back and in their statement, they were kind of seeking to downplay almost the impact of the vulnerability. They said that it impacts a small minority of SIM cards, and that it’s has like a limited impact. So I thought that was kind of interesting to given that the researchers said that the S@T browser is used by mobile operators in at least 30 countries whose population adds up to over a billion people. So I hope that that’s something they expand on as well at Virus Bulletin.

TS: Yeah. It sounds like there needs to be some clarification there. For sure. Interesting.

LO: Yeah, definitely. And then one last thing about the story was that in terms of mitigation, they really didn’t offer too much detail there either around what specific mitigation that users could do to prevent this from happening, which, I think they’re probably actively working on that as we speak. But I did find that odd because, this is a case where if you’re hearing about this, you want to be able to go and prevent it from happening. So, what they did say is that you should check if your SIM card uses S@T browser technology deployed in your network and if so whether any S@T browser specific security mechanisms can be applied. So hopefully they also talk a bit more about that in October.

TS: Yeah. Yeah, for sure.

LO: But Tara, you also had a really interesting story too, as well, about IoT radios and a Telnet backdoor that really gained a lot of traction this week, too. Can you kind of expand about that?

TS: Yeah, sure. So the IoT radios are made by a company called Imperial Dabman who this is a company that’s based out of Germany, but they sell the radios globally, through Amazon, via retailers, and also eBay and some of the other aftermarket, marketplaces. So, you know, this is definitely a story that has a lot of has a lot of applicability around the world, including here in the US. And also the radios are used by corporations as well as home users. So you have both an enterprise threat here as well as a consumer threat. So that makes it kind of interesting too. But essentially, what it is, is that the radios had an open port using Telnet that which is a notoriously weak service, easily hacked. But also, in addition to just using Telnet, they also had a hard coded credentials in there that are easily uncovered using brute forcing. So that’s a problem, because that obviously opens up the radio to any remote attacker over the internet who can brute force the password.

LO: I feel like the hardcoded credentials is a classic IoT security issue that we just keep running into again and again. So it almost makes you wonder, how have companies not learned at this point?

TS: I know it really is crazy and some of the some of the comments on the story were pretty interesting. Just first of all, A, why are they still using Telnet, and B, yes the hardcore credentials. And the password in this case was actually just literally the word “password.” So insult to injury, it wasn’t even something moderately hard to guess, you probably wouldn’t even have to run an automated script to be able to brute force that you know what I mean?

LO: So did they outline kind of what a bad actor could do if they took advantage of that backdoor? And also, was this being exploited at all?

TS: Yeah, so basically, an attacker would be able to completely take over the device. And that means that they could add malware to it, they can potentially gain access to the network that it is attached to, the Wi-Fi network, because there’s a way to sniff out the encrypted Wi-Fi password if you already have access to the device itself. You can add the device to a botnet that says to carry out all kinds of massive attacks on others. Or you can also send custom audio streams to compromise devices. So if you wanted to freak somebody out. If you want to deface, say a corporate broadcast or something like that or hijack a corporate broadcast, you would be able to do that through the radios. So you know, there’s a wide range of sort of nefarious things that would be possible with an unpatched device. In terms of exploitation they weren’t sure if this has actually been carried out in the wild, but you know, it certainly this has been an ongoing situation with these IoT radios for some time. So the researchers did say that they suspect that somebody might have uncovered this before they did, but we’re just we’re not sure.

LO: Were the researchers able to get in touch with Imperial Dabman in terms of the security issues? I mean, were there any patches or mitigations at least that were unveiled?

TS: Yeah. So they didn’t say that they were going to discontinue the Telnet altogether, going forward in  new models and then they launched binary patches for existing deployments that you have to install manually. So, you know, unfortunately consumers and IT administrators alike will have to sort of actively go out, download the patch and then apply it.

LO: Uh huh. Well, that’s unfortunate, but at least – I mean, this goes to show how bad IoT security can be – but at least the vendors are doing something and got back to them.

TS: So yeah, it was better response than it has been in other instances, so, you know, but this impacts more than a million different devices, according to the researchers. So it’s not a small footprint. And so, it’s a concern, especially when it’s something that was just so easily avoidable, or maybe should have been caught in quality analysis or something along the way before they deployed these.

LO: You wrote a story that I was just reading about, what was it, almost 200 million records were exposed in, what was it? I think it was belonging to an auto company called DealerLead. It was a database that was exposing car buyer records that was kind of big.

TS: Yeah, no, this was a really interesting story, actually, for a couple of different reasons. So, you know, on the surface, it just seems like it’s just another inadvertent misconfiguration of a cloud bucket – in this case, it was an ElasticSearch database. But what was kind of interesting about it was where the information contained within that database came from, which is basically this network of websites out there that report to offer research on different makes and models of cars, or they offer a way to check local listings to see what’s available for sale, that type of thing. So consumers would go and use these websites. And apparently there were multiple, multiple, multiple websites. They didn’t actually quantify the exact number. I did reach out and ask for that, but I haven’t heard back yet. The intimation was that we’re talking 20 plus websites that all purport to have research information to help prospective car buyers figure out what they want to do, and in the background they’re harvesting all of this information, which includes loan and finance data, vehicle information, the IP addresses and fingerprints for the machines that the website visitors are using, as well as just, standard contact information like email and phone numbers and stuff like that. And so harvesting all of this stuff and sending it off to local dealerships as leads, basically, unbeknownst to the website visitors themselves, they don’t know that they’re presenting their information to be used for marketing or advertising purposes, essentially. So that’s, kind of isn’t – so it’s interesting that it’s a privacy story on a couple of different levels.

LO: Yeah, no, that is interesting. And what was that quote that was in the story, it was like “another day, another misconfigured ElasticSearch server?”

TS: Yeah.

LO: But yeah, I mean, that is kind of an interesting twist there. And that actually reminds me to of a story that I wrote, a similar story, which is that researchers found a database that was insecure that they disclosed this week that belong to a sophisticated criminal network. So I mean, it’s kind of in the same vein there about finding something that leads to something else in terms of privacy or security or in this case, cybercrime.

TS: So, yeah, that was a really interesting story, actually, that you had this misconfigured database that basically was assembled and housed on behalf of a cybercrime organization. That’s just the worm has turned you know what I mean?

LO: And the best part of it all was that the researchers who found that database also found a ransom note in the database, but said that they had extracted the information and were asking for money in return for not releasing the database to the public, so I guess, some other cyber criminals came across the database and not knowing that it was owned by other cybercriminals were trying to beat them to the punch there.

TS: That is great.

LO: Oh, boy, and well, Tara, I think we should probably wrap up here. Thanks so much for coming on to the Threatpost news wrap to talk about some of the biggest stories of the week. I know there was a lot.

TS: Yeah, there was a lot. Thanks so much for having me. It was fun to hash it out. And I’ll talk to you next time.

LO: Yeah, sounds good. And catch us next week on the Threatpost podcast.

Interested in the role of artificial intelligence in cybersecurity, for both offense and defense? Don’t miss our free Threatpost webinar, AI and Cybersecurity: Tools, Strategy and Advice, with senior editor Tara Seals and a panel of experts. Click here to register.

End.

Note:  

I do not necessarily endorse any products or services mentioned in these videos, on this web site or in any subsequent written material by the original authors of the presented material or this web site. I do not condone the use of any type of “inserted” advertising or p/u players into the body of an article, that is the site owner’s practice, not mine.  I do not intend to, nor do I, derive any profits or income from posting this material.

I may not agree with everything presented in this material , however I have probably found that there is sufficient valuable information to justify bringing it forward for you to sift through in order to expand your awareness and to trigger your desire to dig deeper to learn more about the subject matter presented. 

My posts are not meant to be polished works, they are more utilitarian, meant to be a gathering of data/info loosely pulled together to become a starting point for further investigation and research. Consider it more like semi-processed mined dirt, something still requiring further sifting to extract it’s wealth.

I do not make any claims of being the original creator or owner of the material that I generally post. My sole intent is to share and pass on information that has contributed to my awakening process.  I will normally print my two cents worth in green so as to distinguish it from the original author/creator of the posted material.

I present this material for informational, research and educational purposes only. It is not my intent to maliciously attack nor offend anybody (unless you are a Luciferian Swamp Dweller), so please develop a thicker skin, realize it is not my intent to insult, forgive me, shed it like water off a duck’s back and move on, a better person.   The material is presented for your edification, you filter it as you see fit according to your perspective. May God’s blessings and wisdom be upon you.