Mandiant, a division of FireEye, has reported that it has discovered a vulnerability in a software protocol that enables hackers to gain access to audio and visual data on smart devices including baby monitors and web cameras. The protocol was created by Taiwanese Internet of Things vendor ThroughTek, and is incorporated in as many as
IoT
Security Camera Data Exposed
It should be assumed that everything connected to the Internet can be hacked and exposed, now more than ever. It is commonplace and concerning. Internet of Things (IoT) devices are often developed and sold without a focus on security, because getting the product into the market is the top priority. We have previously commented that…
New Federal Law Alert: The Internet of Things (IoT) Cybersecurity Improvement Act of 2020 – IoT Security for Federal Government-Owned Devices
There is a new federal IoT law, H.R. 1668, the IoT Cybersecurity Improvement Act of 2020, that recently passed the House and Senate and was signed by the President on December 4. The bill had 26 co-sponsors, representing Democrats and Republicans almost equally, and enjoyed bipartisan support in an era that has not seen…
U.S. Chamber of Commerce and FICO Release Security Guidelines on Telework During COVID-19
It is no secret that companies are experiencing an increase in security incidents following the transition from work in the office to work from home during the pandemic. There are a number of causes, including the difficulty of controlling the security of at-home technology equipment such as routers, printers, personal assistants and other IoT devices,…
Privacy Tip #249 – Use of Personal Assistants While Working from Home
I continue to be quite surprised at the lack of understanding that people have about personal assistants such as Alexa and Echo. It seems logical to me that when you yell out “Alexa, turn on the lights!” Alexa is using voice recognition technology to recognize your voice for the command and is processing that command…
IoT Manufacturers – What You Need to Know About California’s IoT Law
California has a privacy law that took effect on January 1, 2020, and it’s not the California Consumer Privacy Act (CCPA). This new privacy law regulates Internet of Things (IoT)-connected devices. SB 327 was enacted in 2018 and became effective on January 1, 2020. The California IoT law requires manufacturers of connected devices to equip…
Energy Sector’s Reliance on IoT Increases Cyber Vulnerabilities
CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. Although the Report admitted that oil and gas companies and electric utilities tend to be ahead of the curve on cybersecurity compared to other sectors, they are…
Cybersecurity and the Electric Grid – New GAO Report Identifies Actions Needed to Address Cybersecurity Risks
The United States Government Accounting Office (GAO) recently issued a report on the cybersecurity risks facing the electric grid. The GAO reviewed the cybersecurity of the electric grid to determine the risks and challenges facing the grid, to describe federal efforts to address those risks, to assess the extent to which the Department of Energy…
New Threat to Companies: Warshipping
It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school.
IBM X-Force Red investigated the technique to give its customers an idea of the newest threats to enterprise systems.…
Privacy Tip #202 – Check the Privacy Settings on Your Phone Frequently
I once again had the pleasure of presenting Cybersecurity for Tax Professionals at the IRS Nationwide Tax Forum today. The conference is designed for tax professionals in small- to medium-sized businesses. It is always a lively bunch, but following the afternoon session, a crowd of folks got in line to chat more, and they were…