The feeds from the cameras are collected on a special site called Behind Enemy Lines, where various messages are superimposed on the picture, reporting information about the Russian invasion of Ukraine in a country where any free media activity is blocked and severe censorship is introduced.

200RF.com is another site posting information about Russian soldiers in Ukraine.

In total, the site collected data from more than 80 cameras, which the hackers divided into categories: “inside”, “outside”, “restaurants”, “offices”, “business”, “schools” and so on.

During the launch, the site had a “home” section, but now it is empty, and Anonymous writes that they have removed the video from the site:

Let me remind you that Anonymous hackers declared war on the Russian government.

Vice Motherboard journalists note that, according to their data, many cameras are indeed located in Russia. On one of the CCTV feeds, Motherboard looked at one of the convenience stores that had a Russian sign saying “Happy Easter”, suggesting that the channel was at least either live or filmed around that time of year. Another one ended up in the Siberian Tyumen region.

However, it is not clear exactly how the hacktivists gained access to them. Probably Anonymous used some kind of search engine (like Shodan).

We also wrote that The popular node-ipc npm package removes files on systems of developers from Russia and Belarus.

The post Anonymous claims they hacked dozens of CCTV cameras in Russia appeared first on Gridinsoft Blog.

Among discovered by researchers problems were: reflected XSS attacks; a buffer overflow to find out the administrator’s credentials; bypass authentication; arbitrary code execution. Basically, anyone with access to the device’s admin page can perform the listed attacks without even knowing the credentials.

“Fortunately, in most cases, to gain access to the admin interface, an attacker must be on the same network as the router (for example, it could be a connection to a public access point or a single internal network)”, – say Loginsoft experts.

The situation is seriously complicated by opportunity of remote connection to the router: then the attacker will only need to make a request for the router’s IP address, bypass authentication, and take control of the device and the network. According to the search engine Shodan, more than 55,000 D-Link devices currently can be remotely accessed.

D-Link specialists have already published a list of all devices vulnerable to five new problems. Some of these bugs were reported back in February 2020, while Loginsoft’s research, according to the company, was conducted in March.

At the same time, the company does not specify what will be DAP-1522 and DIR-816L devices, for which support and release of updates have already been discontinued. These routers running firmware 1.42 (and later) and 12.06.B09 (and later) remain vulnerable and there is no way to patch them.

However, for another old model, DAP-1520, D-Link made an exception and released a beta version of the patch (1.10b04Beta02).

It all reminded about curious story about vulnerabilities in D-Link products, when for 8 years Cereals IoT botnet used one of the vulnerabilities in D-Link’s NAS and NVR to… download anime.

List of disclosed vulnerabilities:

• CVE-2020-15892: DAP 1520: Buffer overflow in the `ssi` binary, leading to arbitrary command execution.
• CVE-2020-15893: DIR-816L: Command injection vulnerability in the UPnP via a crafted M-SEARCH packet
• CVE-2020-15894: DIR-816L: Exposed administration function, allowing unauthorized access to the few sensitive information.
• CVE-2020-15895: DIR-816L: Reflected XSS vulnerability due to an unescaped value on the device configuration
• CVE-2020-15896: DAP-1522: Exposed administration function, allowing unauthorized access to the few sensitive information.

The post Information security specialists disclosed details of five vulnerabilities in D-Link routers appeared first on Gridinsoft Blog.

According to statistics from the Shodan search engine, by last Sunday, March 29, 2020, the number of RDP endpoints increased from 3,000,000 at the beginning of the year to almost 4,400,000. These data include only endpoints running on the standard RDP 3389 port.

“A similar surge of activity is also observed on port 3388, which is regularly use system administrators to protect RDPs from attacks. In this case, activity increased by 36.8% (from 60,000 at the beginning of the year to 80,000 now)”, – says John Matherly, the founder and head of Shodan.

Similarly is growing the number of different servers using VPN protocols, such as IKE and PPTP: from 7,500,000 to almost 10,000,000 to date.

However, these figures reflect the situation only with corporate VPN servers, while the use of consumer-level VPNs is also growing rapidly. The fact is that as majority users are now stuck at home, they are increasingly resorting to use VPN applications to bypass geographic blocking.

For example, last week, NordVPN developers reported that since March 11, the number of users has grown by 165%, while Atlas VPN speaks of a 124% increase in VPN usage among US users only.

These data are also confirm representatives of the Top10VPN website, which note the growth of the entire market and, in particular, record a 65% increase in demand for VPNs in the USA (compared to the previous quarter).

“We’ve observed significant growth in other protocols (HTTPS) but one of the important areas where we’ve seen a worrying increase in exposure is for industrial control systems (ICS). The growth (16.4%) is not as large as for other protocols but these are ICS protocols that don’t have any authentication or security measures. We had actually seen a stagnation in the ICS exposure up until now. And there have been significant advancements in OT security so there are plenty of secure options to choose from”, — reports John Matherly.

This data is not surprising, Shodan only confirmed the reflection of the Internet during the pandemic. But it also indicates increased risks: the most popular vectors of attacks, according to the report of FireEye company, were brute force attacks on open RDP ports aimed at phishing employees.

The post Due to pandemic, RDP and VPN usage grew by 41% and 33% appeared first on Gridinsoft Blog.