Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Malicious WhatsApp mod distributed through legitimate apps
October 12, 2022
Last year, Kaspersky researchers wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, they discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with a different modified build, YoWhatsApp version 2.22.11.75. Inside it, researchers have found a malicious ...
- How Wi-Fi spy drones snooped on financial firm
October 12, 2022
Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming ...
- Hacking group POLONIUM uses ‘Creepy’ malware against Israel
October 11, 2022
Security researchers reveal previously unknown malware used by the cyber espionage hacking group ‘POLONIUM,’ threat actors who appear to target Israeli organizations exclusively. According to ESET, POLONIUM uses a broad range of custom malware against engineering, IT, law, communications, marketing, and insurance firms in Israel. The group’s campaigns are still active at the time of writing. Microsoft’s ...
- Two Former eBay Employees Sentenced for Aggressive Cyberstalking Campaign
October 11, 2022
BOSTON – Two former employees of eBay, Inc. were sentenced today for their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company. Stephanie Popp, 34, of Louisville, Ky., eBay’s former Senior Manager of Global Intelligence, was sentenced to one year and one ...
- Hackers took down U.S. airport web sites, Department of Homeland Security confirms
October 10, 2022
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY. The official from DHS’ Cybersecurity and Infrastructure Security Agency or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ...
- Intel Alder Lake BIOS code leak may contain vital secrets
October 10, 2022
Source code for the BIOS used with Intel’s 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and even the private signing key for Intel’s Boot Guard security technology. The source code was apparently shared via 4chan and GitHub, in a file containing tools and code for generating and optimizing ...