Sandcastle

LILIN DVRs and cameras are being actively exploited by a surprisingly sophisticated botnet campaign. There are three separate 0-day vulnerabilities being exploited in an ongoing campaigns. If you have a device built by LILIN, go check for firmware updates, and if your device is exposed to the internet, entertain the possibility that it was compromised.

The vulnerabilities include a hardcoded username/password, command injection in the FTP and NTP server fields, and an arbitrary file read vulnerability. Just the first vulnerability is enough to convince me to avoid black-box DVRs, and keep my IP cameras segregated from the wider internet.

Continue reading “This Week In Security: 0-Days, Pwn2Own, IOS And Tesla” →

Hackaday

1 Articles

This Week In Security: 0-Days, Pwn2Own, IOS And Tesla

Search

Never miss a hack

If you missed it

The Great Green Wall: Africa’s Ambitious Attempt To Fight Desertification

Your Open-Source Client Options In The Non-Mastodon Fediverse

Supercon 2023: MakeItHackin Automates The Tindie Workflow

My Space

NASA Is Now Tasked With Developing A Lunar Time Standard, Relativity Or Not

Our Columns

Ask Hackaday: Do You Calibrate Your Instruments?

FLOSS Weekly Episode 782: Nitric — In Search Of The Right Knob

Displays We Love Hacking: LVDS And EDP

The 2024 Business Card Challenge Starts Now

Retrotechtacular: How Not To Use Hand Tools

Search

Never miss a hack

Subscribe

If you missed it

Our Columns