Hello, welcome to the Monday, October 21st, 2019 edition of the Sansandot Storm Center's

Stormcast. My name is Johannes Ulrich, and the time recording from Santa Monica, California.

But we've got yet another sort of variation of attacks against digital video recorders. This time it's the NVMS

9,000 digital video recorder and the hard-coded password being abused here is for a change,

not a telethon SH password, but instead an HTTP password. In addition, this particular attack takes advantage of a web application vulnerability that

does allow arbitrary code execution.

Now, what's also a little bit different here is that in case of just using curl or

W get in order to download the additional software,

here Netcat is used.

Not sure if this is because WGet and curl is not on this particular system, but then again,

Netcat is less likely typically to be found on these type of DVRs.

Guy who detected this and wrote up this particular diary did observe two particular IP addresses

that the victim was instructed to connect back to.

However, neither one of these IP addresses appears to be still up, so not really sure if this is just still going on, or if it's going to download this malware from various other IP addresses as well.

The port that's being used here, 3.137, well, that kind of should stick out if you are

looking at your logs. Now, when Android first introduced the ability to unlock your phone or

your tablet with your face, it was quite buggy and easy to bypass. All you needed really was a

picture of the individual in order to unlock the device. Now, since then, companies like Apple,

for example, have made it much more difficult to fake a particular biometric identifier like a face.

And in its latest version, the Pixel 4, Google also introduced a fairly complex camera

system in order to better identify the face and discriminate better against the pictures

and the like.

...