Mondays With Miranda: May 29, 2018
Happy Tuesday! Due to the holiday, we are hosting “Mondays With Miranda” on Tuesday this week. Hopefully you all had a great long, Memorial Day weekend! Last week, NeQter Labs’ Sales & Marketing team attended the “DFARS Cybersecurity 2.0: The Year of Continuous Monitoring” event that was put on at Raytheon’s Freedom Theater, which they said was a great time. A few upcoming events include the Data Connectors San Antonio, Secure World Chicago, and Data Connectors Boston. Data Connectors San Antonio is taking place at the Sheraton Gunter Hotel San Antonio, in San Antonio, Texas this Thursday, May 31st, from 8:00 a.m. until 5:00 p.m and will feature 40-60 vendor exhibits and 8-12 speaker sessions that will discuss cybersecurity issues. Secure World Chicago is taking place at the Donald E. Stephens Convention & Conference Center on June 5th and will include keynote speakers Thornton May, who is a futurist, author, and professor, and Ron Winward, who is a security evangelist at Radware. Finally, Data Connectors Boston is taking place on June 14th at the Boston Park Plaza, in Boston, MA. It will run from 8:00 a.m. until 5 p.m., and will feature 40-60 vendors and 8-12 speaker sessions. These events sure sound exciting, now let’s move on to current news. Today, I’m going to talk about Tesla’s “self-driving” cars, Dell’s recent vulnerability findings, and the 500,000 routers that were attacked by Russian hackers.
Are Self-Driving Cars Worth the Risk?
Tesla has now reported another tragic accident by their semi-autonomous driving system. This marks the second fatal crash blamed on Tesla’s “Autopilot” system in the United States. On March 23rd, a driver set their Model X SUV to Autopilot mode, with the adaptive cruise control distance set to a minimum. Tesla argues that drivers must keep their hands on the wheel and monitor the road while in Autopilot mode, which is stated within the manual, as well as explained verbally when the car is purchased. Apparently, the driver in this fatal crash was reported to have not had his hands on the wheel for 6 seconds prior to the crash, and the system reportedly had given him many prior warnings and one beep to take control of the wheel again. Tesla stresses that its Autopilot system is an assistance tool, not a driver replacement. Self-driving car technology is not where it should be yet, and drivers are forgetting that they have a responsibility to “drive” the car while autopilot is enabled. The bright future of self-driving cars will continue to dim if drivers continue to misuse the features and put themselves, as well as the cars around them, in unnecessary danger.
Critical Vulnerability Found in Dell EMC’s Disaster Recovery System
Dell recently hired a penetration tester to go in and look for vulnerabilities on their devices. The tester reportedly found a total of six vulnerabilities, with the most critical being an unauthenticated remote code execution flaw that could allow total system compromise. The vulnerabilities were found in Dell’s EMC RecoverPoint devices, which are designed for backup storage. The flaws affected all versions of Dell EMC RecoverPoint before 5.1.2 and virtual machines that are on any version before 220.127.116.11. So far, three of the issues have been patched, and Dell is working to address the other three. Dell EMC said that RecoverPoint’s documentation provides warning about the insecurities regarding that particular configuration, so users are advised to set up at their own risk.
Russia Attacks 500,000 Routers
The United States and the United Kingdom have pinned the blame on Russia for a recent attack of about 500,000 home and office routers. The hackers installed a malware called VPNFilter on all 500,000 routers, across 54 countries. Most of the targets were located in Ukraine, and the devices were said to have been hacked at an “alarming rate.” The thought that researchers have behind the attack is that it’s possible the infiltrators wanted to take a giant number of users offline using a “kill switch” of sorts. Also, the malware that was used has the capability of snooping traffic that passes through the router in order to steal credentials. Researchers have also speculated that they do not think that the attack is over, as they anticipate that there may be similar attacks in future. Now would be the right time to ensure you are updating your home and work systems, and acquiring protection for them.
This concludes another installment of Monday’s with Miranda. Enjoy your short week and stay tuned for more interesting cybersecurity news and events. Follow NeQter Labs on Twitter, Facebook, and LinkedIn for current news updates.