Collaborate Disseminate
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operati… Continue reading FBI forced Flax Typhoon to abandon its botnet
Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs… Continue reading Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)
A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered. Further attacks are possible depend… Continue reading Critical bug allows remote compromise, control of millions of IoT devices (CVE-2021-28372)
Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercial DVRs made by LILIN. Continue reading Hackers Actively Exploit 0-Day in CCTV Camera Hardware
A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can’… Continue reading Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets
We know that a lot of our beloved readers don’t take kindly to abuse of vintage hardware, so the Atari fans in the audience may want to avert their eyes for this one. Especially if they’re particularly keen on spinning up their Jawbreaker cassette on authentic hardware, as [iot4c] has …read more
Remember the TiVo? The set-top DVR that was once so popular of a hacking target that Hackaday had a dedicated subdomain for it has today largely faded into obscurity as time-shifted viewing has given way to Internet streaming services like Netflix and Hulu. But make no mistake, while the TiVo …read more
SEC Consult researchers have issued a warning about a handful of critical vulnerabilities they discovered in video surveillance equipment by Chinese manufacturer Hangzhou Xiongmai Technology. About the vulnerabilities The discovered vulnerabilities inc… Continue reading 9 million Xiongmai cameras, DVRs wide open to attack
A researcher has discovered that it’s easier than ever before to hack at least one brand of internet-enabled DVR, as an IoT search engine has cached their passwords within search results.
Read more in my article on the Bitdefender BOX blog.
Continue reading IoT search engine exposes passwords of over 30,000 vulnerable DVRs
A group of Princeton and Purdue researchers has shown that it’s possible to mount a denial-of-service (DoS) attack against hard disk drives via acoustic signals. Threat severity Hard disk drives (HDDs) have become the most commonly-used type of n… Continue reading DoS attacks against hard disk drives using acoustic signals