I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:
Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)
I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:
Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)
There’s an old adage in business; if you’re not measuring something, you can’t manage it. These days, information technology (IT) and information security professionals know this all too well, especially when it comes to configuration assessments. Network performance requires constant monitoring. Cyber threats demand identification and remediation. Systems need to be securely configured upon implementation and then assessed frequently to ensure they stay that way.
Ransomware and phishing were the top cybersecurity issues for businesses in 2021, according to IBM Security’s annual X-Force Threat Intelligence Index.
The report maps the trends and patterns observed by X-Force, IBM’s threat intelligence sharing platform, covering key data points including network and endpoint detection devices, and incident response (IR) engagements.
The report, which covers 2021, reported ransomware as the top attack type; phishing and unpatched vulnerabilities as leading infection vectors; cloud, open-source, and Docker environments as the biggest areas of focus for malware; manufacturing the most attacked industry; and Asia the most attacked region.
Global supply chains are bearing the brunt of ransomware attacks, according to a new IBM report that finds manufacturing was the most targeted industry during 2021.
Read more in my article on the Tripwire State of Security blog.