SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; Sonicawall Anit-Rootkit Patch; Windows 10 Support
Sep 25, 2025
The discussion highlights a sharp rise in attacks targeting older Hikvision cameras, primarily due to weak passwords. A critical Cisco vulnerability has been patched but is already being exploited, requiring admin rights for access. SonicWall introduces a necessary firmware update to combat a persistent rootkit in its devices. Meanwhile, Microsoft steps in with an extension of free support for Windows 10, ensuring users in the US and Europe remain secure without extra costs. Cybersecurity news just keeps getting more intense!
AI Snips
Chapters
Transcript
Episode notes
Secure Old Hikvision DVRs Now
- If you still run Hikvision DVRs, secure and patch them and change default credentials immediately.
- Johannes Ullrich warns attackers are brute-forcing credentials like admin:11 with credentials in the URL.
UI Promotes Weak Numeric Passwords
- Many Hikvision devices default to numeric on-screen keyboards which encourage weak numeric passwords.
- That UI friction can lock users into weak passphrases and raise brute-force risk.
SNMP Flaw Enables Root Persistence
- Cisco patched a stack-based SNMP overflow that is already exploited in the wild.
- Exploitation requires admin access and yields root code execution, enabling persistent compromise.