Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Lyceum group reborn
October 18, 2021
This year, Kaspersky researchers presented their research into the Lyceum group (also known as Hexane), which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia. According to older public accounts of the group’s activity, Lyceum conducted targeted ...
- Case Study: From BazarLoader to Network Reconnaissance
October 18, 2021
BazarLoader is Windows-based malware spread through various methods involving email. These infections provide backdoor access that criminals use to determine whether the host is part of an Active Directory (AD) environment. If so, criminals deploy Cobalt Strike and perform reconnaissance to map the network. If the results indicate a high-value target, criminals attempt lateral movement ...
- Acer hit with second cyberattack in less than a week, Taiwanese authorities notified
October 18, 2021
Acer has confirmed yet another cyberattack on its servers in Taiwan after their offices in India were hit less than a week ago by the same group. The Desorden Group — which claimed responsibility for both attacks — contacted ZDNet and said part of why they conducted the second attack was to prove their point “that ...
- $5.2 billion in BTC transactions tied to top 10 ransomware variants – US Treasury
October 15, 2021
More than $5 billion in bitcoin transactions has been tied to the top ten ransomware variants, according to a report released by the US Treasury on Friday. The department’s Financial Crimes Enforcement Network (FinCen) and Office of Foreign Assets Control (OFAC) released two reports illustrating just how lucrative cybercrime related to ransomware has become for the ...
- Security Risks with Private 5G in Manufacturing Companies Part. 2
October 15, 2021
The steel industry is a prime area for installing Private 5G Private 5G is said to bring about the “democratization of communications.” This technology allows private companies and local governments to take the driving seat in operating the latest information communication systems. However, not all organizations have the knowledge and ability to deal with telecom technology, ...
- TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
October 15, 2021
The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 (aka TA551) and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware. The development also speaks to the TrickBot gang’s increasing sophistication and standing in the cybercrime underground, IBM researchers said: “This latest development ...