Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Open source software has its perks, but supply chain risks can’t be ignored
February 22, 2023
Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates. In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
February 21, 2023
ISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Two Industrial Control Systems Advisories
- Russian state TV ‘hit by cyber attack’ during Putin’s speech
February 21, 2023
Russian state TV stations have reportedly been hit by a cyber attack as Vladimir Putin delivered a keynote speech on the Ukraine war. State media websites broadcasting the State of the Nation address suffered an outage on Tuesday morning. Read more… Source: The Independent
- 2022 in review: DDoS attack trends and insights
February 21, 2023
As organizations strengthen their defenses and take a more proactive approach to protection, attackers are adapting their techniques and increasing the sophistication of their operations. Cybercrime continues to rise with the industrialization of the cybercrime economy providing cybercriminals with greater access to tools and infrastructure. In the first half of 2022, the cyberthreat landscape was focused ...
- A Deep Dive into the Evolution of Ransomware Part 1
February 21, 2023
Ransomware has become a notorious and damaging form of malware, inflicting financial losses on enterprises, governments, healthcare organizations and core infrastructure. Ransomware has been a very profitable activity for malicious actors. However, we want to investigate what would cause changes in this business model—both in the far future and near future. Trend Micro team conducted comprehensive ...
- In Review: What GPT-3 Taught ChatGPT in a Year
February 21, 2023
More than a year since the world’s general enthusiasm for the then-novel GPT-3, we took a closer look at the technology and analyzed its actual capabilities and potential for threats and malfeasance. Trend Micro considerations were collected in our Codex Exposed blog series as it focused on the most prominent aspects of the technology from a ...