Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:
Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)
I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:
Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)
There’s an old adage in business; if you’re not measuring something, you can’t manage it. These days, information technology (IT) and information security professionals know this all too well, especially when it comes to configuration assessments. Network performance requires constant monitoring. Cyber threats demand identification and remediation. Systems need to be securely configured upon implementation and then assessed frequently to ensure they stay that way.
