InfoSecBulletin Cybersecurity for mankind
CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.”
CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass device identity authentication by creating harmful data packets.
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
CISA gave federal agencies until September 11th to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”
According to the manufacturer’s website, the updated software is currently accessible through various methods.
In November 2022, the US Federal Communications Commission banned authorizations for Chinese telecommunications and video surveillance equipment, saying that Huawei, ZTE, Hytera, Hikvision, and Dahua are “deemed to pose a threat to national security.”
Previously, the UK surveillance watchdog warned about Chinese cameras. CISA advises organizations to reduce the risk of cyberattacks by promptly addressing identified vulnerabilities. Cybernews found lots of unprotected cameras in the US that anyone could access, including some in real-time.
Dahua is a well known camera company. However the US government banned some of their products from being sold in the US.
