Shodan Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/shodan/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Thu, 21 Apr 2022 21:06:54 +0000

Anonymous claims they hacked dozens of CCTV cameras in Russia
https://gridinsoft.com/blogs/anonymous-hacked-cameras/
Tue, 22 Mar 2022 19:55:30 +0000

Anonymous hacktivists claimed on Twitter that they had hacked and gained access to dozens of external and internal security cameras in Russia, located, according to the hackers, in restaurants, offices, schools and so on.

The feeds from the cameras are collected on a special site called Behind Enemy Lines, where various messages are superimposed on the picture, reporting information about the Russian invasion of Ukraine in a country where any free media activity is blocked and severe censorship is introduced.

“352 Ukraine civilians dead. Russians lied to 200RF.com. Slava Ukraine! Hacked by Anonymous”, the message displayed on the feeds says.

200RF.com is another site posting information about Russian soldiers in Ukraine.

In total, the site collected data from more than 80 cameras, which the hackers divided into categories: “inside”, “outside”, “restaurants”, “offices”, “business”, “schools” and so on.

At launch, the site had a “home” section, but it is now empty, and Anonymous writes that they have removed the video from the site:

“After some discussions, we decided to remove [the section] with cameras in houses with respect for the privacy of Russian citizens. We hope you understand”, reads the message left in this section.

Let me remind you that Anonymous hackers declared war on the Russian government.

Vice Motherboard journalists note that, according to their data, many cameras are indeed located in Russia. One of the CCTV feeds Motherboard looked at showed a convenience store with a Russian sign saying “Happy Easter”, suggesting that the feed was either live or filmed around that time of year. Another one was in the Tyumen region of Siberia.

However, it is not clear exactly how the hacktivists gained access to them. Probably Anonymous used some kind of search engine (like Shodan).

“One of the self-described Anonymous Twitter handles mentioned on the website did not immediately respond to a request for comment on how they gained access to these feeds, be that through a computer search engine such as Shodan or some other method”, journalists of Vice Motherboard reported.

We also wrote that the popular node-ipc npm package removes files on systems of developers from Russia and Belarus.

The post Anonymous claims they hacked dozens of CCTV cameras in Russia appeared first on Gridinsoft Blog.

Information security specialists disclosed details of five vulnerabilities in D-Link routers
https://gridinsoft.com/blogs/information-security-specialists-disclosed-details-of-five-vulnerabilities-in-d-link-routers/
Tue, 28 Jul 2020 16:02:52 +0000

Loginsoft experts have reported five serious vulnerabilities found in some models of D-Link routers. Even worse, support for some vulnerable devices has already been discontinued, which means they will not receive patches, while PoC exploits for the problems have already been made public.

Among the problems discovered by the researchers were: reflected XSS attacks; a buffer overflow that can be used to find out the administrator’s credentials; authentication bypass; and arbitrary code execution. Basically, anyone with access to the device’s admin page can perform the listed attacks without even knowing the credentials.

“Fortunately, in most cases, to gain access to the admin interface, an attacker must be on the same network as the router (for example, it could be a connection to a public access point or a single internal network)”, – say Loginsoft experts.

The situation is seriously complicated when remote connection to the router is possible: then the attacker only needs to make a request to the router’s IP address, bypass authentication, and take control of the device and the network. According to the search engine Shodan, more than 55,000 D-Link devices can currently be accessed remotely.

D-Link specialists have already published a list of all devices vulnerable to the five new problems. Some of these bugs were reported back in February 2020, while Loginsoft’s research, according to the company, was conducted in March.

At the same time, the company does not specify what will happen with the DAP-1522 and DIR-816L devices, for which support and the release of updates have already been discontinued. These routers running firmware 1.42 (and later) and 12.06.B09 (and later) remain vulnerable and there is no way to patch them.

However, for another old model, DAP-1520, D-Link made an exception and released a beta version of the patch (1.10b04Beta02).

All this is reminiscent of a curious story about vulnerabilities in D-Link products, when for 8 years the Cereals IoT botnet used one of the vulnerabilities in D-Link’s NAS and NVR devices to… download anime.

List of disclosed vulnerabilities:

  • CVE-2020-15892: DAP-1520: Buffer overflow in the `ssi` binary, leading to arbitrary command execution.
  • CVE-2020-15893: DIR-816L: Command injection vulnerability in UPnP via a crafted M-SEARCH packet.
  • CVE-2020-15894: DIR-816L: Exposed administration function, allowing unauthorized access to some sensitive information.
  • CVE-2020-15895: DIR-816L: Reflected XSS vulnerability due to an unescaped value on the device configuration.
  • CVE-2020-15896: DAP-1522: Exposed administration function, allowing unauthorized access to some sensitive information.

The post Information security specialists disclosed details of five vulnerabilities in D-Link routers appeared first on Gridinsoft Blog.

Due to pandemic, RDP and VPN usage grew by 41% and 33%
https://gridinsoft.com/blogs/due-to-pandemic-rdp-and-vpn-usage-grew-by-41-and-33/
Tue, 31 Mar 2020 16:04:41 +0000

Amid the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN has grown significantly, as many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks.

According to statistics from the Shodan search engine, by last Sunday, March 29, 2020, the number of RDP endpoints had increased from 3,000,000 at the beginning of the year to almost 4,400,000. These data include only endpoints running on the standard RDP port 3389.

“A similar surge of activity is also observed on port 3388, which system administrators regularly use to protect RDP from attacks. In this case, activity increased by 36.8% (from 60,000 at the beginning of the year to 80,000 now)”, – says John Matherly, the founder and head of Shodan.

The number of servers using VPN protocols such as IKE and PPTP is growing similarly: from 7,500,000 to almost 10,000,000 to date.

However, these figures reflect the situation only with corporate VPN servers, while the use of consumer-level VPNs is also growing rapidly. The fact is that as the majority of users are now stuck at home, they are increasingly resorting to VPN applications to bypass geographic blocking.

For example, last week, NordVPN developers reported that since March 11, the number of users has grown by 165%, while Atlas VPN speaks of a 124% increase in VPN usage among US users alone.

These data are also confirmed by representatives of the Top10VPN website, who note the growth of the entire market and, in particular, record a 65% increase in demand for VPNs in the USA (compared to the previous quarter).

“We’ve observed significant growth in other protocols (HTTPS) but one of the important areas where we’ve seen a worrying increase in exposure is for industrial control systems (ICS). The growth (16.4%) is not as large as for other protocols but these are ICS protocols that don’t have any authentication or security measures. We had actually seen a stagnation in the ICS exposure up until now. And there have been significant advancements in OT security so there are plenty of secure options to choose from”, — reports John Matherly.

This data is not surprising: Shodan's figures only reflect the state of the Internet during the pandemic. But it also indicates increased risks: according to a FireEye report, the most popular attack vectors were brute force attacks on open RDP ports aimed at phishing employees.

Reference:
The Remote Desktop Protocol (RDP) is a common way for Windows users to remotely manage their workstation or server. However, it has a history of security issues and generally shouldn’t be publicly accessible without any other protections (ex. firewall whitelist, 2FA).

The post Due to pandemic, RDP and VPN usage grew by 41% and 33% appeared first on Gridinsoft Blog.
