Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hikvision Expose Critical Security Flaw

November 1, 2024
Reading Time: 2 mins read
in Alerts
New Xiū gǒu Phishing Kit Expands Reach

A critical security vulnerability has been identified in Hikvision network cameras, potentially allowing attackers to intercept Dynamic DNS (DDNS) credentials transmitted in cleartext.

This flaw poses a significant risk to thousands of devices that have not yet received the latest security updates, particularly affecting multiple models using outdated firmware. The vulnerability arises from the cameras’ implementation of DDNS services, specifically those utilizing DynDNS and NO-IP, where credential information is sent over HTTP without encryption instead of using the more secure HTTPS protocol.

Security researchers have warned that this lack of encryption makes the cameras susceptible to man-in-the-middle attacks, enabling malicious actors to capture DDNS service credentials. Once acquired, these credentials could allow attackers to manipulate camera connections and gain unauthorized access to video feeds.

The implications of this vulnerability are particularly serious, as Hikvision cameras are widely deployed in sensitive locations, including critical infrastructure settings, which raises concerns about potential misuse of the captured data. The exposure is alarming, with over 80,000 Hikvision cameras reportedly still accessible online with various known vulnerabilities.

These devices are distributed across approximately 2,300 organizations in 100 countries, with the largest concentrations found in China, the United States, and Vietnam. Given the strategic importance of many installations, including those at critical sites, the vulnerability has garnered interest from both criminal organizations and state-sponsored groups, particularly within Russian cybercriminal forums discussing potential exploitation techniques.

In response to the discovery of this vulnerability, Hikvision has released firmware updates aimed at addressing the security concern by ensuring that cameras exclusively communicate via HTTPS for DDNS services.

The company has strongly advised users to immediately update their firmware, implement robust password policies, and isolate camera networks from critical assets using firewalls or VLANs.

Organizations utilizing affected Hikvision cameras are urged to adopt these security measures to prevent potential device compromise and safeguard their networks against unauthorized access.

Reference:

  • https://jvn.jp/en/jp/JVN11779839/index.html
Tags: Cyber AlertsCyber Alerts 2024Cyber threatsDNSNovember 2024
ADVERTISEMENT

Related Posts

Fake Law Firms Exploit Crypto Victims

Fake Law Firms Exploit Crypto Victims

August 18, 2025
Fake Law Firms Exploit Crypto Victims

Plex Urges Users to Patch Fast

August 18, 2025
Fake Law Firms Exploit Crypto Victims

Man in the Prompt Reveals Hidden AI Threat

August 18, 2025
Charon Ransomware Hits Middle East

Charon Ransomware Hits Middle East

August 15, 2025
Charon Ransomware Hits Middle East

Hackers Use CrossC2 to Target Linux, macOS

August 15, 2025
Charon Ransomware Hits Middle East

Zoom Patches Critical Windows Flaw

August 15, 2025

Latest Alerts

Plex Urges Users to Patch Fast

Man in the Prompt Reveals Hidden AI Threat

Fake Law Firms Exploit Crypto Victims

Zoom Patches Critical Windows Flaw

Charon Ransomware Hits Middle East

Hackers Use CrossC2 to Target Linux, macOS

Subscribe to our newsletter

    Latest Incidents

    Hackers Exploit Microsoft Flaw in Canada

    Colt Hit by Cyberattack Shuts Systems

    Workday Discloses Data Breach

    Hackers Leak Allianz Life Data

    Croatian Institute Hit by Ransomware

    Norway Dam Breached by Pro-Russian Hackers

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial