CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks

December 4, 2024 at 08:19AM CISA warned of a high-severity vulnerability (CVE-2024-11667) in Zyxel firewall devices, exploited in the wild, allowing unauthorized file access. Zyxel issued patches, but users must change passwords for complete protection. CISA urges federal agencies to update their systems by December 24 and recommends that all organizations follow suit.

Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks

November 25, 2024 at 12:56PM Zyxel warns that threat actors are exploiting a patched command injection vulnerability (CVE-2024-42057) in its firewalls, allowing remote code execution. A ransomware group, Helldown, has targeted affected devices. Users must upgrade to firmware 5.39 as earlier versions are susceptible to attacks. Immediate action is advised for optimal protection.

Linux Variant of Helldown Ransomware Targets VMware ESXi Systems

November 19, 2024 at 05:15PM The emerging Helldown ransomware targets organizations using VMware ESXi servers, exploiting undocumented vulnerabilities in Zyxel firewalls. Since August, it has impacted 31 victims, mainly US businesses. Helldown employs sophisticated tactics to steal and threaten to leak sensitive data, emphasizing the importance of vigilant security measures for virtualized infrastructures.

Zyxel Patches Critical Vulnerabilities in Networking Devices

September 4, 2024 at 08:36AM Zyxel has released patches addressing critical vulnerabilities in their networking devices. The patches cover multiple access point and security router models, as well as firewall series devices. The vulnerabilities could allow remote attackers to execute arbitrary commands or cause a denial-of-service condition. Zyxel advises affected product owners to obtain the …

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

September 4, 2024 at 08:31AM Zyxel has released software updates to address a critical security flaw (CVE-2024-7261) affecting some access points and security routers, along with updates for seven other vulnerabilities. The flaws could result in unauthorized command execution, denial-of-service, or access to browser-based information. D-Link has announced that certain security vulnerabilities will not be …

Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them.

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

June 5, 2024 at 04:03AM Zyxel has released security updates for two end-of-life network-attached storage devices to address critical flaws. The vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code. Outpost24 security researcher Timothy Hjort discovered and reported the flaws. Users are urged to update to the latest version for optimal …

Mirai DDoS malware variant expands targets with 13 router exploits

October 10, 2023 at 04:36PM The Mirai-based DDoS malware botnet known as IZ1H9 has expanded its targets to include Linux-based routers and routers from brands like D-Link, Zyxel, TP-Link, and TOTOLINK. Fortinet researchers have observed high exploitation rates in September, with tens of thousands of attempts on vulnerable devices. IZ1H9 compromises devices, enlists them in …

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

October 10, 2023 at 11:54AM A variant of the Mirai botnet, known as IZ1H9, has updated its tools with 13 new exploits targeting vulnerabilities in IoT devices from various manufacturers, including D-Link, TP-Link, Zyxel, and others. This variant is highly active in exploiting these vulnerabilities for distributed denial-of-service (DDoS) attacks. Fortinet observed thousands of attack …