zCat on Nostr: Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks Zyxel has issued ...
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
Zyxel has issued a fresh warning on threat actors exploiting a recently patched command injection vulnerability in its firewalls after security firms have observed a ransomware group targeting the flaw for initial compromise.
The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices, without authentication.
Zyxel announced patches for this flaw and six other security defects on September 3, explaining that only devices configured in User-Based-PSK authentication mode on which a valid user with a long username exceeding 28 characters exists are affected.
Zyxel addressed these vulnerabilities with the release of firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series devices.
See more: https://www.securityweek.com/recent-zyxel-firewall-vulnerability-exploited-in-ransomware-attacks/
#cybersecurity #ransomware #zyxel
Zyxel has issued a fresh warning on threat actors exploiting a recently patched command injection vulnerability in its firewalls after security firms have observed a ransomware group targeting the flaw for initial compromise.
The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices, without authentication.
Zyxel announced patches for this flaw and six other security defects on September 3, explaining that only devices configured in User-Based-PSK authentication mode on which a valid user with a long username exceeding 28 characters exists are affected.
Zyxel addressed these vulnerabilities with the release of firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series devices.
See more: https://www.securityweek.com/recent-zyxel-firewall-vulnerability-exploited-in-ransomware-attacks/
#cybersecurity #ransomware #zyxel