Tuesday , November 5 2024
Camera

Hikvision Patches Security Flaw in Network Cameras

infosecbulletin 4 days ago Vulnerabilities

Hikvision, a top provider of network cameras, has issued firmware updates to fix a security vulnerability that could reveal users’ Dynamic DNS credentials. This issue impacts various Hikvision camera models and may allow attackers to access sensitive information or disrupt camera communication with the Dynamic DNS service.

The Vulnerability:

GitHub launched an AI tool to build apps without code

By infosecbulletin / Saturday , November 2 2024
GitHub has launched an AI tool called 'Spark' that allows users to create apps using natural language, eliminating the need...
Read More
GitHub launched an AI tool to build apps without code

Hacker offer Titas gas root access to sale

By infosecbulletin / Friday , November 1 2024
"A threat actor has reportedly claimed to gain root-level access to Titas Gas’s firewall server and is actively offering this...
Read More
Hacker offer Titas gas root access to sale

New malware FakeCall intercepts your calls to the bank

By infosecbulletin / Friday , November 1 2024
Zimperium researchers have found a new version of FakeCall malware for Android that threatens financial security. This malware redirects users'...
Read More
New malware FakeCall intercepts your calls to the bank

Hikvision Patches Security Flaw in Network Cameras

By infosecbulletin / Friday , November 1 2024
Hikvision, a top provider of network cameras, has issued firmware updates to fix a security vulnerability that could reveal users'...
Read More
Hikvision Patches Security Flaw in Network Cameras

SonicWall report
Government Sector faces 236% Surge in Malware Attacks

By infosecbulletin / Friday , November 1 2024
Global threat actors have significantly increased attacks on government sectors, with malware-driven attempts rising by triple digits in the first...
Read More
SonicWall report Government Sector faces 236% Surge in Malware Attacks

Bangladesh Kubernetes User Group Meetup successfully completed

By infosecbulletin / Thursday , October 31 2024
Meetup of Bangladesh Kubernetes User Group was held at Banani Club 9294, Dhaka on Thursday, 31 October 2024. A lively...
Read More
Bangladesh Kubernetes User Group Meetup successfully completed

Bangladesh Bank issues cyber threat alert

By infosecbulletin / Thursday , October 31 2024
Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence...
Read More
Bangladesh Bank issues cyber threat alert

Hacker claim data breach: bank confirms blaming third party

By infosecbulletin / Thursday , October 31 2024
Interbank, a major financial institution in Peru, has confirmed a data breach after a hacker leaked stolen data online. Formerly...
Read More
Hacker claim data breach: bank confirms blaming third party

CISA Launches Its First Ever International Strategic Plan

By infosecbulletin / Wednesday , October 30 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance global cooperation in...
Read More
CISA Launches Its First Ever International Strategic Plan

Rented bank account used to illegal transection: 5 arrested

By infosecbulletin / Tuesday , October 29 2024
The Indian Cyber Crime Coordination Centre (I4C) has warned about illegal payment gateways set up by transnational cyber criminals using...
Read More
Rented bank account used to illegal transection: 5 arrested

Older Hikvision network cameras relied on HTTP for communication with Dynamic DNS providers like DynDNS and NO-IP. This exposed usernames and passwords as they were sent in cleartext, making them vulnerable to interception.

Impact:

An attacker exploiting this vulnerability could:

Steal Dynamic DNS Credentials:
Capture usernames and passwords, potentially gaining unauthorized access to the user’s Dynamic DNS account.

Disrupt Communication:
Interfere with the camera’s connection to the Dynamic DNS service, preventing remote access to the camera.

Launch Further Attacks:
Use the compromised Dynamic DNS account to redirect traffic or launch other malicious activities.

Affected Products:

A wide range of Hikvision network camera models are affected, including:

DS-2CD1xxxG0, DS-2CD2xx1G0, DS-2CD3xx1G0, IPC-xxxxH (versions prior to V5.7.23 build241008)
DS-2CD29xxG0 (versions prior to V5.7.21 build240814)
DS-2CD1xxxG2, DS-2CD3xx1G2, HWI-xxxxHA, IPC-xxxxHA (versions prior to V5.8.4 build240613)
DS-2CD2xxxG2, DS-2CD3xxxG2 (versions prior to V5.7.18 build240826)
DS-2CD2xxxFWD (versions prior to V5.6.821 build240409)

Solution:
Hikvision fixed the vulnerability by releasing updated firmware that requires HTTPS communication with Dynamic DNS services. Affected camera users should update their firmware immediately.

Bangladesh Bank issues cyber threat alert

Check Also

Diagram

Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs

In today’s changing cybersecurity environment, it’s essential to find vulnerabilities in code. Vulnhuntr, an open-source …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin