Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Read more…
Source: TechCrunch News
Related:
- Exploiting AI – How Cybercriminals Misuse and Abuse Artificial Intelligence and Machine Learning
November 19, 2020
Artificial intelligence (AI) is swiftly fueling the development of a more dynamic world. AI, a subfield of computer science that is interconnected with other disciplines, promises greater efficiency and higher levels of automation and autonomy. Simply put, it is a dual-use technology at the heart of the fourth industrial revolution. Together with machine learning (ML) ...
- Food-Supply Giant Americold Admits Cyberattack
November 19, 2020
Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain (and soon, COVID-19 vaccine distribution), has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC). The filing was brief and read in part: “As a precautionary measure, the company took immediate steps to help contain the incident ...
- Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild
November 18, 2020
The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...
- APT10: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
November 17, 2020
A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-gathering operation. Companies in multiple sectors are targeted in this campaign, including those operating in the automotive, pharmaceutical, and engineering sector, as well as managed service providers (MSPs). The scale and sophistication of ...
- More than 200 systems infected by new Chinese APT ‘FunnyDream’
November 17, 2020
A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender. The attacks ...
- Information Leakage in AWS Resource-Based Policy APIs
November 17, 2020
Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts. Researchers confirmed that 22 APIs across 16 different AWS services could be abused the same way and the exploit works across all three AWS ...