Get the latest market trends in your inbox

Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Omar Marques/SOPA Images/LightRocket via getty

Researchers at Tenable announced Monday a security flaw in the firmware of network video recorders made by NUUO that could allow hackers to delete or modify surveillance videos or turn off surveillance entirely. It is not yet patched, although Tenable claims a patch might be available tomorrow.

Why it matters: NUUO makes hardware that records and manages security camera footage. The company's product integrates with more than 100 different camera brands.

The technical details: The vulnerability, which Tenable has dubbed "Peekaboo," is a firmware-level problem allowing for remote code execution.

  • The bug is what's known as a buffer overflow, where an attacker sends more data than a computer is designed to receive, leading the computer to inadvertantly store the leftover data as commands the computer will later run.
  • The company posted a blog with more information and a tool to determine whether systems are vulnerable.

Why announce before a patch is available? There is always a concern when researchers announce vulnerabilities before a patch is available that hackers might use that information to take advantage of unpatched systems.

  • Researchers often give a deadline for a company to show progress in developing a patch before announcing a vulnerability to the public to incentivize manufacturers taking vulnerability reports seriously.
  • In this case, Tenable alerted the media after giving NUUO 105 days to announce a release date for a patch (Tenable gives a deadline of 90 days). NUUO only announced the patch early Monday, after the media had already been notified.
  • "We believe that, thanks to our disclosure the vendor released the patch," Renaud Deraison, co-founder and chief technology officer at Tenable, told Axios.

Go deeper

50 mins ago - Health

WHO: AstraZeneca vaccine must be evaluated on "more than a press release"

A medical syringe and vial with fake coronavirus vaccine in front of the World Health Organization (WHO) logo. Photo Illustration: Pavlo Gonchar/SOPA Images/LightRocket via Getty Images

Top scientists at the World Health Organization on Friday called for more detailed information on a coronavirus vaccine developed by AstraZeneca and the University of Oxford.

Why it matters: Oxford and AstraZeneca have said the vaccine was 90% effective in people who got a half dose followed by a full dose, and 62% effective in people who got two full doses. AstraZeneca has since acknowledged that the smaller dose received by some participants was the result of an error by a contractor, per the New York Times.

Court rejects Trump campaign's appeal in Pennsylvania case

Photo: Sarah Silbiger for The Washington Post via Getty Images

A federal appeals court on Friday unanimously rejected the Trump campaign's emergency appeal seeking to file a new lawsuit against Pennsylvania's election results, writing in a blistering ruling that the campaign's "claims have no merit."

Why it matters: It's another devastating blow to President Trump's sinking efforts to overturn the results of the election. Pennsylvania, which President-elect Joe Biden won by more than 80,000 votes, certified its results last week and is expected to award 20 electoral votes to Biden on Dec. 12.

Dave Lawler, author of World
3 hours ago - World

Belarus dictator Lukashenko says he'll leave post after new constitution

Photo: Valery Sharifulin\TASS via Getty

Longtime Belarusian President Aleksandr Lukashenko has said he will step down after a new constitution comes into force, according to Belarusian state media.

Why it matters: Lukashenko has faced three months of protests following a rigged election in August. He has promised to reform the constitution to reduce the near-absolute powers of the president, but has insisted that his strong hand is needed to see that process through.