Thursday, December 5, 2024

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI

Related stories

Skyhawk Launches Cloud Threat Detection for Zero Trust

Skyhawk Security, the originator of cloud threat detection and...

Amazon Q Developer Transforms Software Creation with AI

The most capable generative AI assistant for software development...

SmartDrone Acquires Skytec’s Drone Ops, Expands UAV Services

SmartDrone Corporation, "The U.S.A. Drone Company"®, is excited to announce the...

Bananaz Raises $5.3M Seed to Revolutionize Design with AI

The AI ​​copilot and change management platform bananaz is...

Ayon Basumallik Named SVP of Engineering at Code Metal

Lightmatter veteran brings deep technology expertise to help Code...
spot_imgspot_img

GreyNoise Intelligence, the cybersecurity company providing real-time, verifiable threat intelligence into internet scanning and exploitation, announced the discovery of two previously undisclosed critical and high-severity zero-day vulnerabilities in live streaming cameras reportedly used across industrial operations, government, healthcare, and other sensitive environments like houses of worship.

GreyNoise’s discovery was made possible by Sift, an internal, proprietary large language model (LLM) developed by GreyNoise that analyzes millions of web requests per day, identifying anomalous traffic that traditional cybersecurity methods might overlook. In this case, Sift flagged unrecognized traffic patterns, prompting GreyNoise researchers to dig deeper, resulting in the discovery of two new vulnerabilities that could potentially allow attackers to seize complete control of the cameras, view and/or manipulate video feeds, disable camera operations, and enlist the devices into a botnet to launch denial-of-service attacks.

This marks one of the first instances where threat detection has been augmented by AI to discover zero-day vulnerabilities, representing a groundbreaking advancement in cybersecurity and setting a new benchmark for how technology can accelerate threat detection and resolution.

Also Read: Alcatraz AI & Convergint Partner for AI-Powered Facial Security

“This isn’t about the specific software or how many people use it — it’s about how AI helped us catch a zero-day exploit we might have missed otherwise,” said Andrew Morris, Founder and Chief Architect at GreyNoise Intelligence. “We caught it before it could be widely exploited, reported it, and got it patched. The attacker put a lot of effort into developing and automating this exploit, and they hit our sensors. Today it’s a camera, but tomorrow it could be a zero-day in critical enterprise software. This discovery proves that AI is becoming essential for detecting and stopping sophisticated threats at scale.”

The vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, impact NDI-enabled pan-tilt-zoom (PTZ) cameras from several manufacturers, including PTZOptics, Multicam Systems SAS, and SMTAV Corporation. These cameras, reportedly used in sensitive environments like business conferences, telehealth sessions, and government settings, potentially represent an attractive target for malicious actors looking to compromise video feeds or use the devices as a point of entry into broader network infrastructure.

SOURCE: PRWeb

Subscribe

- Never miss a story with notifications


    Latest stories

    spot_img