Experts Warn of Widespread Exploitation Involving Hikvision Cameras
Both government and criminal hacking groups are still targeting Hikvision cameras with a vulnerability from 2021, according to reports from several security researchers. From a report: Cybersecurity firm CYFIRMA released a report this week saying Russian cybercriminal forums are awash with hackers looking to collaborate on exploiting Hikvision cameras using the command injection vulnerability CVE-2021-36260. "Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale," the company's researchers said. "These can be leveraged by hackers to gain access to the devices and exploit further the path of attack to target an organization's environment." CYFIRMA reported they found that more than 80,000 Hikvision cameras are still vulnerable to the critical command injection flaw, which carries a CVSS score of 9.8 out of 10. Of the more than 80,000 vulnerable cameras, more than 100 nations and 2,300 organizations are impacted.
Read more of this story at Slashdot.