Security News > 2020 > March > Hackers Actively Exploit 0-Day in CCTV Camera Hardware
2020-03-23 20:35
Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found.
The company, an IP video solution provider, was being targeted by hackers hijacking the company's DVR hardware.
Once commandeered, hackers then planted malware on devices to run botnets Chalubo, FBot and Moobot.
As for the LILIN DVR vulnerability specifics, one is tied to the DRV's NTPDate computer program.
Similar injection vulnerabilities exist within the software's FTP settings that eventually allow remote access to the "/dvr/cmd" interface through hard-coded account passwords.
News URL
Related news
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)