Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- NHS boss’s Twitter accounts hacked by PS5 scammers
March 19, 2021
NHS executive Helen Bevan had her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales. She now has the accounts back but has received dozens of messages from people who fell for the scam. Ms Bevan also paid money to someone who said they could help – but ...
- SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests
March 18, 2021
Cyberattackers involved in worldwide hacking campaigns are using the compromised systems of high-profile victims as playgrounds to test out malicious tool detection rates. On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an “extremely skilled” threat group, has been responsible for intrusions at over 4,720 private and government organizations including “Fortune 500 companies, ministries, airlines, ...
- Apple developers targeted by new malware, EggShell backdoor
March 18, 2021
Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors. The malware, dubbed XcodeSpy, targets Xcode, an integrated development environment (IDE) used in macOS for developing Apple software and applications. According to research published by SentinelLabs on Thursday, the Run Script feature in the IDE is being exploited in targeted attacks against ...
- Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter
March 18, 2021
A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics (.PNG) image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity. Researcher David Buchanan heralded his discovery on Twitter earlier this week, accompanied by a photo declaring: “Save this image and ...
- New CopperStealer malware steals Google, Apple, Facebook accounts
March 18, 2021
Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple. The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices. The threat actors ...
- Convuster: macOS adware now in Rust
March 18, 2021
Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercriminals have been paying increased attention to new programming languages, seemingly in the ...