Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
October 13, 2022
Cisco Talos has discovered a new single-file command and control (C2) framework the authors call “Alchimist .” Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools. Cisco Talos assesses with moderate-high confidence that this framework is being used in the ...
- Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
October 13, 2022
On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...
- Budworm: Espionage Group Returns to Targeting U.S. Organizations
October 13, 2022
The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S-based ...
- Private health insurance company Medibank affected by cyber attack less than a month after telco Optus was targeted
October 13, 2022
Health insurance giant Medibank Group is the latest Australian company to become the target of a cyber attack. Last month telecommuncations company Optus was hit by a wide-scale breach which saw more than two million customers affected. Telstra was also rocked by a data breach which saw the personal details of 30,000 current and former staff leaked. Read ...
- Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike
October 12, 2022
QAKBOT’s malware distribution resumed on September 8, 2022 following a brief hiatus, when our researchers spotted several distribution mechanisms on this date. The distribution methods observed included SmokeLoader (using the ‘snow0x’ distributor ID), Emotet (using the ‘azd‘ distributor id), and malicious spam that used the ‘BB’ and ‘Obama20x’ IDs. A recent case involving the QAKBOT ‘BB’ ...
- New npm timing attack could lead to supply chain attacks
October 12, 2022
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. The attack relies on a small time difference in the return of a “404 Not Found” error when searching for a private compared to a non-existent ...