2018 Sets Records with More Than 16,000 Known Vulnerabilities

February 4, 2019

Hikvision on Using Ethical Hackers to Uncover Vulnerabilities, Advice to Address Security Concerns

In the piece, “2018 Set a New Record for Security Vulnerabilities,” Security magazine states that 2018 exceeded the record of the previous year with more than 16,500 known vulnerabilities catalogued, leading to rising concerns about security.

According to the article, hackers are leveraging software vulnerabilities to exploit systems. The article states: “When searching for weaknesses in applications, middleware and operating systems, hackers first target known security vulnerabilities. These vulnerabilities are well-documented, providing a ‘roadmap’ for hackers to follow. Whether software code is proprietary or open source, it harbors security vulnerabilities. Advocates of open source argue that the accessibility and transparency of the code allow the ‘good guys’—corporate quality assurance teams, white hat hackers and open source project groups—to find bugs faster. Conversely, critics of open source contend that more attackers than defenders examine the code, resulting in a net effect of higher incidents of vulnerability exploits. Whichever is the case, the open source community is good at addressing vulnerability issues. Once security risks are discovered, the community will quickly catalogue and provide patches for these vulnerabilities.”

Open Source Software Adds to Challenges

Open source code can be used across many applications, which adds to cybersecurity challenges, said the author. He added that “when a heavily leveraged piece of open source code contains a security flaw, it may render vulnerable a potentially large number of software applications that have integrated this code.” This makes it difficult for software developers to efficiently track all open source software components.

The author recommended a tool called a “binary code scanner” to access software code fingerprints, which can then be compared across all open source catalogues. Identification through this fingerprint matching system makes it easier to find known security vulnerabilities in code.
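The fingerprint matching described above can be sketched as follows. This is an added example, not code from the Security magazine article or from Hikvision. The catalogue, component names, advisory ids and sample image are all constructed placeholders, and matching on embedded banner strings is one assumed fingerprinting method; a component whose strings are stripped or modified will not match.

```python
import hashlib
import re

def fingerprint(marker: bytes) -> str:
    """Fingerprint = SHA-256 of a string the component embeds when compiled."""
    return hashlib.sha256(marker).hexdigest()

# Constructed catalogue: fingerprint -> (component, version, known advisories).
# Names and advisory ids are placeholders, not real catalogue entries.
CATALOGUE = {
    fingerprint(b"libexample 1.2.0 built-in banner"):
        ("libexample", "1.2.0", ["ADVISORY-PLACEHOLDER-1"]),
    fingerprint(b"libexample 1.3.1 built-in banner"):
        ("libexample", "1.3.1", []),
    fingerprint(b"tinyparse/0.9 (c) example authors"):
        ("tinyparse", "0.9", ["ADVISORY-PLACEHOLDER-2"]),
}

def extract_strings(blob: bytes, min_len: int = 8):
    """Yield runs of printable ASCII, as the `strings` utility does."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield match.group()

def scan(blob: bytes) -> dict:
    """Map each (component, version) identified in the binary to its advisories."""
    findings = {}
    for text in extract_strings(blob):
        hit = CATALOGUE.get(fingerprint(text))
        if hit:
            component, version, advisories = hit
            findings[(component, version)] = advisories
    return findings

def needs_patching(findings: dict) -> list:
    """Components with at least one catalogued advisory, sorted for reporting."""
    return sorted(key for key, advisories in findings.items() if advisories)

# Constructed sample: a fake binary image with two embedded components.
SAMPLE_IMAGE = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    + b"libexample 1.2.0 built-in banner\x00"
    + b"\x01\x02\x03\xff"
    + b"tinyparse/0.9 (c) example authors\x00"
    + b"unrelated application string\x00"
)

if __name__ == "__main__":
    for (name, version), advisories in scan(SAMPLE_IMAGE).items():
        print(name, version, advisories or "no known advisories")
```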

Make Vulnerability Identification a Priority

Addressing vulnerabilities has not become a top priority of the software development industry, according to the article. If developers take the time to address and repair known vulnerabilities, these cyber challenges can begin to pose less of a threat.

“Software developers, distributors and users can neutralize the threats posed by these vulnerabilities by understanding their code, finding the flaws, and proactively taking steps to address them,” the author concluded.

Click this link to read the full article on the Security magazine website.

Hikvision on Using Ethical Hackers to Uncover Vulnerabilities

Chuck Davis, Hikvision’s cybersecurity director, wrote a two-part blog about using ethical hackers to uncover vulnerabilities. In the piece, he explained what a vulnerability is, outlined the responsible disclosure process, provided reasons to hire an ethical hacker, and offered three tips on hiring an ethical hacker to identify vulnerabilities.

In part two of the blog series, Hikvision’s Davis stated: “Vulnerabilities are bugs or flaws in computer code that, when exploited, cause a negative impact to confidentiality, integrity, or availability (according to Mitre). We call this the "CIA triad." Vulnerabilities can be found in both software and firmware and are prevalent in most code. The more lines of code, the more likely there are vulnerabilities.”

All devices on a network are computers, including IP-based video surveillance equipment and other IoT devices, and all computers have vulnerabilities. The article describes ways to address these security concerns.

Visit this link to read “Using Ethical Hackers to Help Your Company Uncover Vulnerabilities” part one, and click here for part two.
