Zyxel has been tracking the recent activity of threat actors targeting Zyxel security appliances and has released firmware patches to defend against it. Updates now available! Users are advised to install the patches for optimal protection.

Based on our investigation, the threat actors attempt to access a device through WAN; if successful, they then try to log in with stolen, valid credentials or bypass authentication, and to establish SSL VPN tunnels with existing or newly created user accounts, such as “zyxel_sllvpn”, “zyxel_ts”, or “zyxel_vpn_test”, to manipulate the devices’ configuration.

Zyxel has been collaborating with third-party security researchers to track the threat actors’ activities. Based on our investigation, they could be abusing a combination of attack vectors, including: valid user credentials that they had previously harvested from the breach of past known vulnerabilities, potentially CVE-2020-29583 or CVE-2020-9054, which were completely fixed in March and December 2020.
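The checks below turn the behaviour described above into a log review, as an added example that is not Zyxel's code or tooling. The key=value log layout, the event names, the sample lines and the RFC 1918 definition of "LAN" are assumptions constructed for illustration; only the three account names come from the advisory.

```python
import ipaddress
import re

# Account names listed in the advisory as used by the threat actors.
SUSPECT_ACCOUNTS = {"zyxel_sllvpn", "zyxel_ts", "zyxel_vpn_test"}

# Assumption: "LAN" means RFC 1918 space; every other source counts as WAN.
# (ipaddress.is_private is not used because it also covers documentation ranges.)
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical key=value layout, not the
# appliance's real log format. Adapt KV and the event names to your export.
SAMPLE_LOG = """\
2021-06-20T02:11:05Z event=admin_login user=admin src=203.0.113.45 result=success
2021-06-20T02:12:40Z event=user_add user=zyxel_ts src=203.0.113.45 result=success
2021-06-20T02:14:02Z event=sslvpn_login user=zyxel_ts src=203.0.113.45 result=success
2021-06-20T08:30:00Z event=sslvpn_login user=alice src=198.51.100.7 result=success
2021-06-20T09:00:00Z event=admin_login user=admin src=192.168.1.10 result=success
2021-06-20T09:05:00Z event=admin_login user=admin src=203.0.113.99 result=fail
"""

KV = re.compile(r"(\w+)=(\S+)")

def from_wan(src):
    """True when src is outside the LAN ranges; unparsable values are flagged too."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(addr in net for net in LAN_NETS)

def review(log_text):
    """Return (finding, line) pairs for the three behaviours in the advisory."""
    findings = []
    for line in log_text.splitlines():
        f = dict(KV.findall(line))
        if not f:
            continue
        if f.get("user", "").lower() in SUSPECT_ACCOUNTS:
            findings.append(("advisory-account", line))    # named account seen
        elif f.get("event") == "user_add":
            findings.append(("new-account", line))         # newly created user
        elif (f.get("event") == "admin_login" and f.get("result") == "success"
              and from_wan(f.get("src", ""))):
            findings.append(("wan-admin-login", line))     # management login via WAN
    return findings

if __name__ == "__main__":
    for kind, line in review(SAMPLE_LOG):
        print(f"{kind:18} {line}")
```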