Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Digital video recorder installers master password list 'leaked' – claims

Shutterstock_password_sniffer3

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again.

The vendor's 2017 list of superuser passwords for certain DVRs – designed only for CCTV installers to access customer installations – appears to have leaked online.

"If the creds are what we think they are, they may be enough to remotely take over certain CCTV systems," Ken Munro, a director at UK security consultancy Pen Test Partners (PTP), told El Reg. "[It's] a bit like Mirai, but the consequence is remote viewing of people's CCTV cameras."

PTP found the leaked list on the LinkedIn page for a CCTV installer in Nigeria. This list, which covers login credentials for the rest of 2017, is essentially a one-time pad or per-day superuser password for a DVR service. One-time pads are only effective if they are shared in complete confidence and not reused.

Mikko Hyponnen, CRO of security software firm F-Secure, has since noted the same documents elsewhere on...(continued)

View All Trending Stories