Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Iranian Cyber Group Emennet Pasargad Conducting Hack-and-Leak Operations Using False-Flag Personas
October 20, 2022
The FBI is providing information concerning ongoing hack-and-leak cyber operations conducted by Iranian cyber group Emennet Pasargad. According to FBI information, since at least 2020, Emennet targeted entities primarily in Israel with cyber-enabled information operations that included an initial intrusion, theft and subsequent leak of data, followed by amplification through social media and online forums, ...
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
October 20, 2022
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- Attack Surface Management 2022 Midyear Review – Part 1
October 20, 2022
The digital age is an exciting time for businesses as it offers the opportunity to be more efficient and effective with how things are done. Many companies have taken this opportunity by adopting new technologies that allow them not only to improve their operations but also to create a better culture within those organizations. However, the ...
- BlueBleed: Microsoft customer data leak claimed to be ‘one of the largest’ in years
October 20, 2022
Microsoft has confirmed one of its own misconfigured cloud systems led to customer information being exposed to the internet, though it disputes the extent of the leak. In a revelation this week, Microsoft’s Security Response Center (MSRC) said it was notified by threat intelligence firm SOCRadar on September 24 about a misconfigured endpoint that exposed business ...
- CISA Releases Three Industrial Control Systems Advisories
October 20, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-293-01 Bentley Systems MicroStation Connect ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump ...
- From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
October 20, 2022
A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and ...