Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Threat Assessment: Matrix Ransomware
March 26, 2021
Matrix is a ransomware family that was first identified publicly in December 2016. Over the years since its inception, it has primarily targeted small- to medium-sized organizations. As of 2019, it had been observed across geographic locations such as the U.S., Belgium, Taiwan, Singapore, Germany, Brazil, Chile, South Africa, Canada and the UK. While initially leveraging ...
- Fleeceware Apps Bank $400M in Revenue
March 25, 2021
About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automatic payments that can be exorbitant. In an analysis from ...
- Threat landscape for industrial automation systems. Statistics for H2 2020
March 25, 2021
There is no longer a downward trend in the percentage of ICS computers on which malicious objects were blocked. Starting with the second half (H2) of 2019, we observed a decline in the percentages of ICS computers on which malicious objects were blocked. This was observed in industrial control systems (ICS) as well as in corporate ...
- Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech
March 25, 2021
In April 2020, we reported on a large influx of COVID-19 themed phishing attacks starting in February 2020. With March 2021 marking the one-year anniversary that the World Health Organization declared COVID-19 a pandemic, we revisited the phishing trends we observed in the past year to gain deeper insight into the various COVID-related topics that ...
- Ransomware attack halts production at IoT maker Sierra Wireless
March 23, 2021
A multinational manufacturer of Internet of Things (IoT) devices has halted production after falling victim to a ransomware attack. Canadian IoT maker Sierra Wireless says it suffered a ransomware attack against its internal IT systems on March 20, which has led to production being halted at its manufacturing sites. Internal operations have also been disrupted by ...
- Ransomware gang leaks data stolen from Colorado, Miami universities
March 23, 2021
Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. Starting in December, threat actors affiliated with the Clop ransomware operation began targeting Accellion FTA servers and stealing the data stored on them. Companies use these servers to share ...