Hacking CCTV camera | Breaking Cybersecurity News | The Hacker News

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is  CVE-2018-9995  (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. "The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie," Fortinet  said  in an outbreak alert on May 1, 2023. "A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds." The network security company said it observed over 50,000 attempts to exploit TBK DVR devices using the flaw in the month of April 2023. Despite the availability of a proof-of-concept ( PoC ) exploit, there are no fixes that address the vulnerability. The flaw impacts TBK DVR4104...

Remember how some cybercriminals shut down most of Washington D.C. police's security cameras for four days ahead of President Donald Trump's inauguration earlier this year? Just a few days after the incident, British authorities arrested two people in the United Kingdom, identified as a British man and a Swedish woman, both 50-year-old, on request of U.S. officials. But now US federal court affidavit  has revealed that two Romanian nationals were behind the attack that hacked into 70% of the computers that control Washington DC Metropolitan Police Department's surveillance camera network in January this year, CNN reports. The two suspects—Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28—were arrested in Bucharest on December 15 on charges of conspiracy to commit wire fraud and various forms of computer fraud. According to the criminal complaint unsealed in Washington, the pair hacked 123 of the Metropolitan Police Department's 187 outdoor surveillance c...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Two suspected hackers have reportedly been arrested in London on suspicion of hacking 70 percent of the CCTV cameras in Washington with ransomware ahead of President Donald Trump's inauguration last month. The arrest took place on 20th January by the officers from the National Crime Agency (NCA) of UK after it received a request from United States authorities, but it has not been disclosed until now. The NCA raided a house in the south of London last month and detained a British man and a Swedish woman, both 50-years-old, reported The Sun. Some 123 of the 187 police CCTV cameras used to monitor public areas in Washington DC stopped working on 12 January, just 8 days before the inauguration of Donald Trump, after a cyber attack hit the storage devices. The cyber attack lasted for about three days, eventually leaving the CCTV cameras out of recording anything between 12 and 15 January. It was reported that the surveillance cameras were left useless after a ransomware made...

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from feds surveillance cameras in Washington D.C. in a cyber attack. Any guess, What kind of virus could have hit the storage devices? Once again, the culprit is Ransomware, which has become a noxious game of Hackers to get paid effortlessly. Ransomware is an infamous piece of malware that has been known for locking up computer files and then demanding a ransom in Bitcoins in order to help victims unlock their files. But over time, the threat has changed its way from computers and smartphones to Internet-of-Thing (IoT) devices. Ransomware Infected 70% Surveillance Cameras in Washington D.C. This time the hackers managed to plant ransomware in 123 of its 187 network video recorders, each controlling up to four CCTVs used in public spaces throughout Washington D.C, which eventually left them out from recording anything between 12 and 15 Jan...

The Internet of Things (IoTs) or Internet-connected devices are growing at an exponential rate and so are threats to them. Due to the insecure implementation, these Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Set-top boxes, Security Cameras and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen how hackers literally turned more than 100,000 Smart TVs and Refrigerator into the cyber weapon to send out millions of malicious spam emails for hacking campaigns; we have also seen how hackers abused printers and set-top-boxes to mine Bitcoins. And now… Cyber crooks are hacking CCTV cameras to form a massive botnet that can blow large websites off the Internet by launching Distributed Denial-of-service (DDoS) attacks. Researchers at Security firm Sucuri came across a botnet of over 25,000 CCTV cameras targeting business around the globe while defending a small jewelry shop against a DDoS attack . Al...

Be careful while buying any off-brand electronics from Amazon, as they could end up infecting you. Recently, independent security researcher Mike Olsen discovered that the CCTV surveillance devices sold on Amazon came with pre-installed malware. Olsen discovered this nasty secret after he bought a set of outdoor CCTV surveillance cameras from Amazon for one of his friends. He picked Sony Chip HD 6 Camera 1080P PoE IP CCTV surveillance camera kit sold by the Urban Security Group (USG) on Amazon, as it had good reviews and was a relatively cheap set of 6 cameras with all necessary equipment included. While helping his friend set up the cameras, Olsen logged into the administrator panel to configure the surveillance system and found that the page hosted "no normal controls or settings." Assuming that it might be bad programming, Olsen opened up the browser's developer tools and was surprised to discover a hidden iFrame loaded at the bottom of the bo...

The connected devices, better known as the Internet of Things , have been attracting the significant interest of, not only users but also cyber criminals that are turning them into weapons for cyber war. Due to the insecure implementation of Internet-connected embedded devices, they are routinely being hacked and used in cyber attacks. We have seen Smart TVs and Refrigerator sending out millions of malicious spam emails ; we have also seen printers and set-top-boxes mining Bitcoins . And Now… Cyber crooks have targeted innocent looking CCTV cameras – common Internet-of-Things (IoT) device – to launch Distributed Denial-of-Service (DDoS) attacks . Also Read: 100,000 Refrigerators and other home appliances hacked to perform cyber attack. Yes, Surveillance cameras in shopping malls are being targeted to form a large botnet that can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS) attacks. THE CAUSE The cro...