Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Adds Dahua Linux and Microsoft Flaws

August 21, 2024
Reading Time: 2 mins read
in Alerts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, focusing on significant security issues related to Dahua IP cameras, the Linux kernel, and Microsoft Exchange Server. Among the vulnerabilities, CVE-2021-33044 and CVE-2021-33045 are identified as authentication bypass vulnerabilities affecting various Dahua camera models, allowing remote attackers to exploit these devices by sending specially crafted data packets. With a CVSS v3 score of 8.1, these flaws underscore the urgent need for users to apply security updates to prevent unauthorized access and exploitation.

CISA’s advisory highlights the risks posed by exposed Dahua devices, which can easily be located through search engines such as Shodan. This accessibility makes it simpler for threat actors to launch attacks using publicly available proof-of-concept (PoC) code. To counter these vulnerabilities, CISA strongly recommends that users install the latest firmware updates for their Dahua cameras, as this is essential for mitigating potential security threats stemming from these authentication bypass vulnerabilities.

In addition to the Dahua vulnerabilities, CISA also flagged CVE-2022-0185, a heap-based buffer overflow vulnerability in the Linux kernel that has reportedly been exploited in the wild by threat actors linked to China. This vulnerability allows unprivileged local users to escalate their privileges on systems that fail to support the Filesystem Context API. The implications of this flaw are serious, as it enables attackers to gain greater access and control over vulnerable Linux systems, necessitating swift action from organizations to patch and secure their environments against such exploits.

Finally, the catalog includes CVE-2021-31196, a remote code execution vulnerability affecting Microsoft Exchange Server, which allows attackers to execute code with the same privileges as the affected server’s service account. Microsoft has released security patches to address this vulnerability, and CISA mandates that federal agencies remediate it by September 11, 2024. CISA’s guidance also extends to private organizations, urging them to review the KEV catalog and address any identified vulnerabilities within their infrastructure to bolster defenses against potential cyberattacks.

 

Reference:

  • CISA Adds New Critical Vulnerabilities for Dahua IP Camera and Microsoft Exchange

Tags: August 2024Cyber AlertsCyber Alerts 2024Cyber threatsCybersecurity and Infrastructure Security Agency (CISA)DahuaKnown Exploited Vulnerabilities CatalogLinuxMicrosoft
ADVERTISEMENT

Related Posts

New Godfather Trojan Hijacks Banking Apps

Winos 4.0 Malware Hits Taiwan Via Tax Phish

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Godfather Trojan Hijacks Banking Apps

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Amatera Stealer Delivered By ClearFake

June 20, 2025
Fake Invoices Deliver Sorillus RAT In Europe

Fake Minecraft Mods On GitHub Spread Malware

June 19, 2025
Russian Phishing Scam Bypasses Google 2FA

Russian Phishing Scam Bypasses Google 2FA

June 19, 2025
Fake Invoices Deliver Sorillus RAT In Europe

Fake Invoices Deliver Sorillus RAT In Europe

June 19, 2025

Latest Alerts

Winos 4.0 Malware Hits Taiwan Via Tax Phish

New Amatera Stealer Delivered By ClearFake

New Godfather Trojan Hijacks Banking Apps

Fake Minecraft Mods On GitHub Spread Malware

Fake Invoices Deliver Sorillus RAT In Europe

Russian Phishing Scam Bypasses Google 2FA

Subscribe to our newsletter

    Latest Incidents

    Massive Leak Exposes 16 Billion Credentials

    Tonga Health System Down After Ransomware

    Chinese Spies Target Satellite Giant Viasat

    German Dealer Leymann Hacked Closes Stores

    Hacker Mints $27M From Meta Pool Gets 132K

    UBS and Pictet Hit By Vendor Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial