Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Moody’s turns up the heat on ‘riskiest’ sectors for cyberattacks
October 3, 2022
About $22 trillion of global debt rated by Moody’s Investors Service has “high,” or “very high” cyber-risk exposure, with electric, gas and water utilities, as well as hospitals, among the sectors facing the highest risk of cyberattacks. That’s more than one-quarter (28 percent) of the $80 trillion in Moody’s rated debt across 71 global sectors, and ...
- Microsoft Exchange server zero-day mitigation can be bypassed
October 3, 2022
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution. Both security flaws were reported ...
- Ransomware gang leaks data stolen from LAUSD school system
October 3, 2022
Thousands of files apparently stolen last month in a ransomware attack on the Los Angeles Unified School District were released on the dark web over the weekend. The threat has been a major concern for the nation’s second-largest school district since Labor Day Weekend, when a cyber intrusion forced school district officials to take the extraordinary ...
- CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
October 3, 2022
CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so ...
- Russian retail chain ‘DNS’ confirms hack after data leaked online
October 3, 2022
Russian retail chain ‘DNS’ (Digital Network System) disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. DNS is Russia’s second-largest computer and home appliance store chain, with 2,000 branches and 35,000 employees. According to the scant details provided in the announcement, a group of hackers residing outside the Russian ...
- UK: Liz Truss’ and Cabinet Ministers’ mobile numbers are being sold online for £6.49
October 2, 2022
The personal mobile phone numbers of the Prime Minister and 25 of her Cabinet Ministers are being sold on the internet, The Mail on Sunday can reveal. They can be accessed on a shady US website charging just £6.49 for access to the information, which cyber experts warn could be used by China and Russia to ...