Good afternoon, and happy Monday! Cyber threats and hackers have made their way into the news, yet again, but I will tell you about that in just a minute. First, there are a few exciting cybersecurity events coming up that I want to discuss. One of them is “Black Hat USA, Las Vegas.” The conference has technical training from August 4th through the 7th, and then August 8th and 9th will be the main conference days. This event is really cool because the trainings offer hands-on skill-building opportunities by industry experts, and the conference will give insight into the latest groundbreaking research, tools, and exploits. Another event I want to mention is the “DEF CON Hacking Conference.” This will also be taking place in Las Vegas, and excitingly enough, one of our team members from NeQter Labs will be attending. DEF CON is great because it features a variety of events, contests, games, workshops, and also many speakers. That should be exciting, and hopefully some of you can make it!
On October 18th, 2018, the National Institute of Technology, along with the DoD and the NARA, will be holding a workshop on the CUI requirements, which goes hand-in-hand with the NIST 800-171 publication. The workshop will provide details on CUI, DFARS Safeguarding Covered Defense Information, Cyber Incident Reporting Clause, and NIST SP 800-171 and 800-171A. This event will take place in Gaithersburg, MD, but will also be available through webcast.
First, hackers took over Alexa devices, now vacuum cleaners? What’s next? On Thursday, July 19th, there were two vulnerabilities discovered on Dongguan Diqee-branded vacuum cleaners. Apparently, the vulnerabilities allowed attackers to eavesdrop, record video, and steal private information from their victims. The vacuum cleaners feature a webcam for night-vision purposes, and the hackers found their way in through a remote code execution issue, which allowed them to remotely control the vacuum and view video and images while moving the vacuum.
New York Cybersecurity Requirements
The 23 NYCRR 500 regulations are being put into a two-year phase period, with the first deadline being September 3rd. The first phase of regulations requires that a cybersecurity program be established, meaning a CISO needs to be appointed, as well as other governance. The requirements state that all data containing “non-public information” needs to be secured. Insurers are panicked, as they must acquire new systems and methods to encrypt all of that information. It has been said that all organizations will prove their compliance to the Department of Finance yearly.
Thank you for tuning in to this week’s segment of “Mondays With Miranda!” Keep up to date with current news by following NeQter Labs on Twitter, Facebook, and LinkedIn. As always, if anyone has any questions, feel free to email [email protected]. Have a great week everyone!