News

News

• July 08, 2016 08 Jul'16

  Risk & Repeat: More critical Symantec vulnerabilities emerge

  In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.

• July 07, 2016 07 Jul'16

  New EU GDPR privacy regulation set to take effect in 2018

  As the new General Data Protection Regulation privacy regulation looms, many firms face new rules and challenges to protect the privacy of EU citizens, regardless of location.

• July 07, 2016 07 Jul'16

  Android full-disk encryption is flawed enough for government work

  Vulnerabilities on devices with Qualcomm chipsets can allow Android full-disk encryption to be bypassed by malicious actors or law enforcement.

• July 06, 2016 06 Jul'16

  FBI says Hillary Clinton's email setup was irresponsible, not illegal

  The FBI gave a scathing review of Hillary Clinton's email setup, using personal servers for sensitive federal information, but deemed her actions were not illegal.

• July 01, 2016 01 Jul'16

  House Homeland Security Committee proposes encryption debate commission

  The House Homeland Security Committee officially proposed the creation of a commission to study both sides of the encryption debate and provide official recommendations.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• July 01, 2016 01 Jul'16

  Enterprise encryption strategies rise as firms' use of encryption grows

  Report: Enterprise encryption is on the rise as firms embrace use of encryption strategies; also, new Bart ransomware, IRS drops e-file PIN tool, and more.

• June 30, 2016 30 Jun'16

  The healthcare industry is making it far too easy for hackers

  Hospitals and healthcare organizations are far too vulnerable to cyberattacks, and a recent healthcare security study shows the issue isn't just outdated legacy technology -- medical professionals ...

• June 29, 2016 29 Jun'16

  Nearly 10 million hospital patient records for sale on dark web market

  Nearly 10 million patient records have been posted for sale on a dark web market, putting the personally identifiable information of many at risk for abuse.

• June 29, 2016 29 Jun'16

  Google Project Zero exposes more critical Symantec vulnerabilities

  A raft of new Symantec and Norton antivirus vulnerabilities exposed by Google Project Zero are 'as bad as it gets,' according to Tavis Ormandy: RCE, no user interaction and wormable.

• June 27, 2016 27 Jun'16

  Intel reportedly considering selling its security business

  New reports suggest Intel may be looking into selling off its security business, and experts are unclear whether it means Intel's McAfee acquisition has gone sour.

• June 27, 2016 27 Jun'16

  NASCAR race team hit with ransomware attack

  Hit by a ransomware attack, a NASCAR race team paid to restore data worth millions, then called on Malwarebytes to secure their systems -- and Malwarebytes joined up as a sponsor.

• June 24, 2016 24 Jun'16

  Cyber attribution relies on human intelligence, not technical info

  Experts said human intelligence was the key to the cyber attribution effort for the Democratic National Committee attack, which confirmed Russian agents were to blame.

• June 24, 2016 24 Jun'16

  FBI surveillance access with National Security Letter unchanged, for now

  U.S. Senate fails to pass National Security Letter regulation to enhance warrantless FBI surveillance access to metadata, including email headers and browser history.

• June 22, 2016 22 Jun'16

  Activists, DOJ spar over Rule 41 changes to enhance FBI searches

  EFF and privacy activists oppose Rule 41 changes, while the Department of Justice claims the changes do not alter 'traditional protections' under the Fourth Amendment.

• June 21, 2016 21 Jun'16

  Acer's e-commerce website hit by a customer data breach

  Computer maker Acer was hit by a customer data breach of its e-commerce website, leaving approximately 34,500 customers' contact and payment information exposed for about a year.

• June 20, 2016 20 Jun'16

  CIA chief denies encryption backdoor effect on U.S. business

  The director of the CIA denied that a government-mandated encryption backdoor would have an effect on U.S. business, but experts said the statement ignores the global market.

• June 17, 2016 17 Jun'16

  DNC hack raises questions about cyber attribution methods

  The hack of the Democratic National Committee has called into question methods for cyber attribution after the alleged attacker comes forward.

• June 17, 2016 17 Jun'16

  FBI facial recognition systems draw criticism over privacy, accuracy

  GAO report blasts FBI facial recognition programs over privacy and accuracy concerns; FBI systems offer access to over 411 million photos from federal and state sources.

• June 17, 2016 17 Jun'16

  What Symantec's acquisition of Blue Coat says about the CASB market

  Symantec's $4.65 billion acquisition of Blue Coat Systems could lead to a dramatic shift at the antivirus vendor, but what does the deal mean for the cloud access security broker space?

• June 16, 2016 16 Jun'16

  Russian hacker arrests linked to ransomware and exploit kit shutdowns

  The Lurk group hacker arrests in Russia came at the same time as the shutdown of a major exploit kit, ransomware family and botnet, but no one is sure if it is coincidence or causation.

• June 15, 2016 15 Jun'16

  SAP vulnerability, reported in 2010, finally patched

  SAP vulnerability patched, finally: The Java flaw was originally patched in 2010 but became the subject of an unprecedented US-CERT alert in May.

• June 15, 2016 15 Jun'16

  Ransomware worm raises concerns for enterprise security

  In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.

• June 14, 2016 14 Jun'16

  Adobe Flash zero-day overshadows June 2016 Microsoft Patch Tuesday

  Microsoft's June 2016 Patch Tuesday release is not the most important of the day according to experts, instead another Adobe Flash zero-day vulnerability gets the spotlight.

• June 14, 2016 14 Jun'16

  Ransomware attack, education highlight 2016 Information Security Summit

  User education, ransomware attacks and cyberliability insurance are among the hot topics for infosec attendees at the annual 2016 Information Security Summit.

• June 13, 2016 13 Jun'16

  Symantec acquisition of Blue Coat shakes up security industry

  Symantec agreed to acquire Blue Coat Systems for $4.65 billion, with Blue Coat CEO Greg Clark taking over as new CEO of the combined company.

• June 10, 2016 10 Jun'16

  Mozilla Secure Open Source Fund to aid developers with audits

  Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.

• June 10, 2016 10 Jun'16

  Ransomware attack hits UCalgary as CryptXXX devs up their game

  As the University of Calgary contends with a ransomware attack, the actors behind CryptXXX are rolling out patches and upgrades and attackers are shifting from Angler to Neutrino EK.

• June 09, 2016 09 Jun'16

  TeamViewer hacks have everyone placing blame

  A rash of TeamViewer hacks has led to confusion concerning what the issues are and who is responsible for user security in this case.

• June 09, 2016 09 Jun'16

  Petraeus slams encryption backdoors, supports Apple

  Speaking at the Cloud Identity Summit, Gen. David H. Petraeus blasted the FBI's recent efforts to compel Apple to break the company's own encryption protection.

• June 08, 2016 08 Jun'16

  SWIFT banking system boosts security following cyberattacks

  Following a number of attacks on the SWIFT banking system that led to the theft of millions of dollars, SWIFT promised new rules to improve security for bank transfers.

• June 07, 2016 07 Jun'16

  Angler exploit kit skips Microsoft EMET to subvert Flash, Silverlight

  FireEye researchers spotted the Angler exploit kit bypassing the current Microsoft EMET version 5.5 security tool running on Windows 7 to subvert Flash and Silverlight.

• June 03, 2016 03 Jun'16

  SandJacking attack enables installation of rogue apps on iOS devices

  Roundup: The new SandJacking attack technique allows attackers with physical access to iOS devices to install rogue apps. Plus, more on medical software security and Privacy Shield obstacles.

• June 02, 2016 02 Jun'16

  Crypto-confusion: The search for the real bitcoin creator continues

  In this Risk & Repeat podcast, SearchSecurity editors discuss Craig Wright's failed effort to prove he is bitcoin creator Satoshi Nakamoto and what that means for cryptocurrency.

• June 02, 2016 02 Jun'16

  Lack of bug bounty programs won't deter cyber extortion attacks

  IBM reports 30 'bug poaching' cyber extortion attacks in the past year, as black hat hackers aim to "help" enterprises by exploiting SQL injection vulnerabilities.

• June 01, 2016 01 Jun'16

  Microsoft warns of rare ransomware worm

  Microsoft warned users of a rare ransomware worm affecting older versions of Windows, but experts are wary of the recommended mitigation technique.

• May 27, 2016 27 May'16

  House Reps tackle Rule 41 to limit government hacking

  US Reps. Poe and Conyers join Sen. Wyden's fight against changes to Rule 41 that would remove limits on government hacking, introduce companion bill to quash changes.

• May 27, 2016 27 May'16

  'Ingenious' attack mixes memory deduplication with Rowhammer

  Researchers demonstrated an exploit that combines rare attacks on memory deduplication and Rowhammer in order to allow an adversary access to read or write system memory.

• May 27, 2016 27 May'16

  RSA: Cloud visibility, analytics crucial to enterprises

  RSA's Rashmi Knowles spoke with SearchCloudSecurity about enterprises struggling with security visibility, and how analytics and data science can help.

• May 26, 2016 26 May'16

  Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol

  Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols.

• May 26, 2016 26 May'16

  New spec aims to improve DNS privacy with TLS

  In order to stop metadata snooping by law enforcement and hackers, a proposed spec aims to improve DNS privacy with TLS.

• May 24, 2016 24 May'16

  Lieu, Hurd school House colleagues on cyberhygiene, defense

  Former computer science majors Lieu and Hurd wrote to their U.S. House of Representatives colleagues, urging improved awareness of cyber risks and cyberhygiene.

• May 24, 2016 24 May'16

  Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things

  Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.

• May 24, 2016 24 May'16

  Sorry Mr. Snowden -- encryption isn't the only path to security

  Encryption shouldn't be used to protect people from themselves, especially if it gets in the way of innovation.

• May 24, 2016 24 May'16

  Android N security updates leave unanswered questions

  Google unveiled the next version of its mobile OS, and Android N security will be improved in a few ways, although Google still can't fix OS updates.

• May 20, 2016 20 May'16

  Senate bill would quash unlimited Rule 41 government hacks

  Rule 41 changes face bipartisan opposition in Senate with the Wyden-Paul bill to rein in the expansion of authority to let the government hack unlimited numbers of devices with a single warrant.

• May 19, 2016 19 May'16

  ImageMagick calls into question responsible disclosure reporting

  The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.

• May 19, 2016 19 May'16

  TeslaCrypt master key release confounds experts

  In a move that surprised and confused experts, the TeslaCrypt master key was released, effectively killing the ransomware.

• May 18, 2016 18 May'16

  Android clickjacking attack research updated but questions remain

  New research claims more than 95% of Android devices are vulnerable to clickjacking attacks, but the true danger may not be that severe.

• May 18, 2016 18 May'16

  Paul Vixie on the glibc bug, Internet crime and more

  Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.

• May 17, 2016 17 May'16

  Google Project Zero discloses dangerous Symantec vulnerability

  Google Project Zero disclosed a Symantec vulnerability that can be exploited with zero interaction and was described being as bad as it can possibly get.

• May 13, 2016 13 May'16

  EMM software on every device? MobileIron makes the case

  MobileIron's enterprise mobile management software wasn't installed on the iPhone of San Bernardino shooter Syed Rizwan Farook. Was that the right move?

• May 13, 2016 13 May'16

  FBI asked for responsible disclosure of Tor vulnerability

  A court filing is asking the FBI for responsible disclosure of the Tor vulnerability used to exploit the Tor browser and de-anonymize users during a criminal investigation.

• May 13, 2016 13 May'16

  Google insider data breach exposed employee personal info

  Roundup: Google experiences an insider data breach, but the data leakage is cleaned up by a conscientious benefits manager. Plus, the FDIC reports five 'major' incidents, and more.

• May 13, 2016 13 May'16

  DHS warns on actively exploited SAP Java vulnerability

  DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.

• May 12, 2016 12 May'16

  Senate asks President Obama for a cyber act-of-war definition

  A new bill from the Senate asked President Obama for a cyber act-of-war definition in order to enable a proper response following a cyberattack.

• May 12, 2016 12 May'16

  EU regulatory critics, Rule 41 pose threat to Privacy Shield

  The new Privacy Shield framework for transatlantic data flows faces challenges from Article 29 Working Party criticism, as well as U.S. changes to Rule 41 for computer searches.

• May 11, 2016 11 May'16

  Ransomware warning issued to Congress following attack

  Representatives in Congress have received a ransomware warning following an increased number of attacks perpetrated via phishing schemes.

• May 10, 2016 10 May'16

  May 2016 Patch Tuesday: IE zero-day patch tops the list

  Microsoft's May 2016 Patch Tuesday takes aim at an IE zero-day vulnerability, which experts say is the top priority, as well as a couple server-side flaws to keep an eye on.

• May 10, 2016 10 May'16

  U.S. intelligence agencies cut off from Twitter firehose

  Twitter ordered its business partner Dataminr to cut off the Twitter firehose feed access for U.S. intelligence agencies, but experts expect the NSA won't miss much.

• May 06, 2016 06 May'16

  Commercial code riddled with open source vulnerabilities

  Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.

• May 05, 2016 05 May'16

  DARPA to build a cyber attribution system to ID criminals

  DARPA has decided to take on one of the most difficult tasks in cybersecurity -- building a cyber attribution system to be able to identify attackers and maybe prevent attacks.

• May 03, 2016 03 May'16

  Craig Wright fails, again, to prove he's the bitcoin creator

  Craig Wright's second attempt to prove he's the bitcoin creator, Satoshi Nakamoto, was debunked after fooling the mainstream press, but his motives are still a mystery.

• April 29, 2016 29 Apr'16

  Apple/FBI battle continues over iPhone vulnerabilities

  More fallout from the Apple/FBI conflict: The second iPhone suit was dropped; the FBI can't provide details of a tool used to unlock the San Bernardino shooter's phone.

• April 28, 2016 28 Apr'16

  PCI DSS 3.2 focuses on encryption and multifactor authentication

  PCI DSS 3.2 marks the start of refining the payment data regulations, rather than minor changes, and includes requirements to strengthen encryption and multifactor authentication.

• April 26, 2016 26 Apr'16

  Verizon DBIR 2016 shows we haven't learned how to improve security

  The 2016 Verizon DBIR skimps on data breach analysis and instead focuses on common issues, such as phishing, vulnerability management and access controls, which are still befuddling IT pros.

• April 26, 2016 26 Apr'16

  Simple, yet undetectable Windows AppLocker bypass discovered

  A Windows command-line utility dating back to XP, Regsvr32, reportedly enables a simple and virtually undetectable Windows AppLocker whitelist bypass.

• April 22, 2016 22 Apr'16

  'Going dark' battle moves to Congressional encryption hearing

  Experts face off in Congress over 'going dark' encryption debate, stake out positions on security, privacy and government access; polls show support for strong encryption.

• April 21, 2016 21 Apr'16

  Oracle patches now more critically rated with CVSS 3.0

  Oracle patches 136 security flaws in various products and a number of vulnerabilities were rated more critical because of a switch to CVSS 3.0.

• April 21, 2016 21 Apr'16

  JBoss vulnerability highlights dangers of unpatched systems

  Up to 3.2 million servers with unpatched JBoss vulnerability from 2010 are open to spread ransomware through networks; experts urge keeping up with software patches to stay safe.

• April 21, 2016 21 Apr'16

  Google's second Android Security Report is a mixed bag

  The second annual Android Security Report details a number of ways Google has been working to improve security on its mobile platform but also highlights persistent problems.

• April 19, 2016 19 Apr'16

  Apple won't patch zero days so uninstall QuickTime now

  DHS says users need to uninstall QuickTime for Windows immediately as Apple quietly sends the software to its end of life following the disclosure of two zero-day flaws.

• April 15, 2016 15 Apr'16

  Microsoft fights to notify users of FBI surveillance

  Microsoft has sued the Department of Justice in an effort to be allowed to notify users of FBI surveillance requests; expert worried about continuous surveillance.

• April 15, 2016 15 Apr'16

  Burr-Feinstein draft bill fuels encryption debate

  The encryption debate continues with release of the official draft of Burr-Feinstein 'Compliance with Court Orders Act of 2016' mandating court order compliance.

• April 14, 2016 14 Apr'16

  Badlock vulnerability proves a bust for responsible disclosure

  The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.

• April 12, 2016 12 Apr'16

  April 2016 Patch Tuesday: Badlock isn't a priority

  Microsoft's April 2016 Patch Tuesday includes a patch for Badlock, a vulnerability which experts call "overhyped," but the most important patches may need extra care to apply.

• April 12, 2016 12 Apr'16

  WordPress SSL now free for hosted sites, thanks to Let's Encrypt

  Customers with hosted sites will now have WordPress SSL turned on for free by default, thanks to Let's Encrypt certificates, potentially making a large number of websites more secure.

• April 08, 2016 08 Apr'16

  Encrypted messaging for all, as WhatsApp encryption announced

  WhatsApp encryption was turned on for all types of messaging, including group chats, which advanced the conversation on 'going dark,' as new encryption legislation draft goes public.

• April 08, 2016 08 Apr'16

  Vulnerability branding becomes another marketing tool

  Vulnerability branding was once a practice that elevated understanding of flaws and potentially led to better remediation, but now serves as little more than marketing for security researchers.

• April 07, 2016 07 Apr'16

  OSVDB shutdown leaves questions for vulnerability databases

  OSVDB shutdown, blamed on lack of community support and engagement, raises questions about whether open source vulnerability databases can work and how they can be improved.

• April 05, 2016 05 Apr'16

  Gmail BREACH attack gets much faster but still easy to stop

  Security researchers updated BREACH attack that would allow a Facebook Messenger or Gmail breach to be performed much faster, but the overall risk is limited.

• April 01, 2016 01 Apr'16

  Apple-FBI suit dropped, but crypto wars continue

  Roundup: After the Apple-FBI suit, ACLU reports U.S. ramping up crypto wars with All Writs suits for at least 63 iOS, Android devices; Senator Wyden stands up for strong crypto.

• April 01, 2016 01 Apr'16

  Can cybersecurity spending protect the U.S. government?

  CNAP articulates the right things, as many U.S. government cyber initiatives do, but what has captured the attention of the Beltway is the billion-dollar budget proposals.

• April 01, 2016 01 Apr'16

  What endpoint protection software is on your short list?

  Roughly half of survey respondents indicated that their organization is shifting away from static scanning as the primary protection for endpoints.

• March 31, 2016 31 Mar'16

  Ransomware vaccine promises protection, but experts are wary

  A new ransomware vaccine promises to protect against infections by popular ransomware variants like Locky and TeslaCrypt, but experts are wary about implementation and security.

• March 31, 2016 31 Mar'16

  Badlock flaw hits Samba, Windows and responsible disclosure

  The serious Badlock vulnerability in Windows and Samba, announced three weeks prior to patches, triggers a debate over responsible disclosure of software flaws.

• March 29, 2016 29 Mar'16

  Report: 1.5 million Verizon Enterprise customer records stolen

  Krebs on Security reports 1.5 million customer contact records were swiped from Verizon Enterprise Solutions and offered for sale on Dark Web; customers are at risk for phishing attacks.

• March 29, 2016 29 Mar'16

  DOJ finds successful iPhone crack; drops backdoor bid, for now

  The DOJ found a successful iPhone crack to access the San Bernardino, Calif., terrorist's device and dropped the pending legal action against Apple, but only in that one case.

• March 25, 2016 25 Mar'16

  Congress considers 'going dark' encryption legislation

  Roundup: Sens. Dianne Feinstein and Richard Burr seek support for an encryption legislation draft, as U.S. politicians consider their options to address the 'going dark' problem.

• March 25, 2016 25 Mar'16

  Outbreak of ransomware attacks hit hospitals, enterprises

  A series of ransomware attacks have been reported at hospitals in the U.S. and Canada, leading to experts recommending automated backup for enterprises.

• March 24, 2016 24 Mar'16

  FBI iPhone backdoor case on hold, as potential hack surfaces

  The FBI iPhone backdoor case was put on hold temporarily, as reports surfaced of a possible hack that would allow FBI access without the help of Apple.

• March 21, 2016 21 Mar'16

  Stagefright exploit created with reliable ASLR bypass

  Researchers have developed a Stagefright exploit, which could mean hundreds of millions of Android devices are at risk, despite mitigations and an available patch.

• March 18, 2016 18 Mar'16

  Apple court filing challenges iPhone backdoor as rhetoric heats up

  The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional.

• March 18, 2016 18 Mar'16

  Google boosts HTTPS, Certificate Transparency to encrypt Web

  Roundup: Google pushes efforts on HTTPS, Certificate Transparency and more to safeguard the Web with encryption, while other tech firms are eyeing more, stronger encryption.

• March 18, 2016 18 Mar'16

  Automated penetration testing prototype uses machine learning

  A team created a prototype machine learning vulnerability scanner that can think like a human in order to perform automated penetration testing.

• March 16, 2016 16 Mar'16

  Phishing campaign takes ransomware attacks to a global scale

  Research has uncovered ransomware attacks that begin with a sophisticated phishing campaign hitting users around the globe.

• March 16, 2016 16 Mar'16

  Java vulnerability report strains responsible disclosure

  A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.

• March 11, 2016 11 Mar'16

  DROWN attack: TLS under fire again

  News roundup: DROWN attack affects millions of servers with an SSLv2 vulnerability; the Home Depot breach lawsuit settlement is pending; and Chinese smartphone-maker ZTE is sanctioned.

• March 09, 2016 09 Mar'16

  Crowdsourced vulnerability patching could save us all

  Patching systems can be time-consuming and troublesome, so one expert suggests crowdsourced vulnerability patching to make the process faster and easier.

• March 08, 2016 08 Mar'16

  March 2016 Patch Tuesday highlights Windows 10 security

  Microsoft's March 2016 Patch Tuesday release has put Windows 10 security on display for good and bad, experts say.

• March 04, 2016 04 Mar'16

  AI may soon find and patch a software bug automatically

  The cybersecurity industry is getting closer to artificial intelligence that can find and patch software bugs automatically, but that same tech could lead to autonomous hacking.