Two IP cameras sold by Loftek and VStartcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request forgery attacks.

Hikvision recently patched a backdoor in a slew of its cameras that could have made it possible for a remote attacker to gain full admin access to affected devices.

A researcher poked holes in seven different IoT devices at last week’s Security Analyst Summit, including a host of travel routers, NAS devices, and an IP-enabled camera.

Mike Mimoso and Chris Brook discuss the news of the week including a rash of new IP camera backdoors, James Comey’s talk at Boston College, hacking back vs. active defense, and the DOJ dropping one of its Playpen cases.

A researcher claims that almost 200,000 shoddily made IP cameras could be an easy target for attackers looking to spy, brute force them or steal their credentials.

A researcher claims a backdoor exists in several DVRs and IP-enabled cameras manufactured by Dahua.

A researcher claims a backdoor exists in several DVRs and IP-enabled cameras manufactured by Dahua.

Backdoors, likely intentional remote administration features, were closed off in 80 different Sony IP-enabled cameras running the IPELA Engine technology.

Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...