Recently, Dahua Technology, a well-known security camera and digital video recorder (DVR) vendor in China, released firmware updates to address a serious security issue in certain products. Before the vendor made an official statement on this issue, however, a security researcher named Bashis said that this vulnerability seemed to be a backdoor intentionally left by the vendor and so made his findings public without notifying Dahua in advance.
Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution.
Ukrenergo, a major energy provider in Ukraine, experienced a power failure on the night of December 17, 2016, which involved the automatic control system of the “North” substation in New Petrivtsi close to Kiev. The blackout affected the northern part of Kiev, the country’s capital, and surrounding areas.
On November 27 (Sunday), at around 17:00 (local time), Deutsche Telekom was hit by a cyberattack, resulting in more than 900,000 routers getting disconnected, as confirmed by the company. The outage lasted several hours. Later, the problems continued on Monday morning from 08:00. Besides network access, the affected routers are used by Deutsche Telekom customers for fixed telephony and TV services.