Security Alerts & News
by Tymoteusz A. Góral

History
#2097 Dahua, Hikvision IoT devices under siege
Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices.

On March 5, a security researcher named Bashis posted to the Full Disclosure security mailing list exploit code for an embarrassingly simple flaw in the way many Dahua security cameras and DVRs handle authentication. These devices are designed to be controlled by a local Web server that is accessible via a Web browser.
Read more
#2103 New Instagram credential stealers discovered on Google Play
#2102 New macOS Proton RAT available for sale on Russian hacking forum
#2101 Spam campaign targets financial institutions with fake security software
#2100 Detecting and eliminating Chamois, a fraud botnet on Android
#2099 Google launches invisible reCAPTCHA with no user interaction required
#2098 0day exploits rarely discovered by more than one group, study finds
#2097 Dahua, Hikvision IoT devices under siege
#2096 New Linux malware exploits CGI vulnerability
#2095 How online gamers use malware to cheat
#2094 Preinstalled malware targeting mobile users
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12