InfoSecBulletin Cybersecurity for mankind
CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.”
CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass device identity authentication by creating harmful data packets.
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
CISA gave federal agencies until September 11th to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”
According to the manufacturer’s website, the updated software is currently accessible through various methods.
In November 2022, the US Federal Communications Commission banned authorizations for Chinese telecommunications and video surveillance equipment, saying that Huawei, ZTE, Hytera, Hikvision, and Dahua are “deemed to pose a threat to national security.”
Previously, the UK surveillance watchdog warned about Chinese cameras. CISA advises organizations to reduce the risk of cyberattacks by promptly addressing identified vulnerabilities. Cybernews found lots of unprotected cameras in the US that anyone could access, including some in real-time.
Dahua is a well known camera company. However the US government banned some of their products from being sold in the US.
