The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the exploitation of two critical-severity vulnerabilities affecting multiple Dahua products. These vulnerabilities, identified as CVE-2021-33044 and CVE-2021-33045, could allow attackers to gain unauthorized access to Dahua devices and networks. The vulnerabilities impact a range of Dahua products, including IP cameras, indoor monitors, intercom stations, and digital video recorders (DVRs). They can be exploited by attackers to bypass authentication and gain control of devices. The first vulnerability, CVE-2021-33044, can be triggered by specifying a specific argument during authentication. This allows attackers to bypass authentication on older Dahua devices that do not support a particular feature. The second vulnerability, CVE-2021-33045, can be exploited by specifying custom parameters in login requests. This can trick the device into bypassing authentication and granting the attacker access. CISA urges organizations using Dahua products to apply the necessary patches to address these vulnerabilities.
AssuranceAmerica, an American insurance provider operating through more than 9,500 independent agents across 14 U.S. states, has disclosed a major data breach affecting 6,998,886 i...
A sophisticated intrusion campaign linked to UNC6692 demonstrates how attackers can turn ordinary workplace communication tools into effective entry points for enterprise compromis...
A recent malware campaign has been identified distributing GoodPersonRAT through a counterfeit installer impersonating the LetsVPN application. By exploiting user trust in VPN tool...