<a href="https://www.linkedin.com/in/noam-moshe-9b3a61200/">Noam Moshe</a>, <a href="https://www.linkedin.com/company/claroty/">Claroty</a>’s Vulnerability Research Team Lead, joins Dave to discuss Team 82's work on "Turning Camera Surveillance on its Axis." Team82 disclosed four vulnerabilities in Axis.Remoting—deserialization, a MiTM “pass-the-challenge” NTLMSSP flaw, and an unauthenticated fallback HTTP endpoint—that enable pre-auth remote code execution against Axis Device Manager and Axis Camera Station. 
They found more than 6,500 Axis.Remoting services exposed online (over half in the U.S.), letting attackers enumerate targets, install malicious Axis packages, and hijack, view, or shut down managed camera fleets.Axis published an urgent advisory, issued patches for ADM 5.32, Camera Station 5.58 and Camera Station Pro 6.9, accepted Team82’s disclosure, and organizations are urged to update.
The research can be found here:
<ul>
 <li><a href="https://claroty.com/team82/research/turning-camera-surveillance-on-its-axis">Turning Camera Surveillance on its Axis</a></li>
</ul> Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a>

Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.