Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

24/06/2021


Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company’s firewalls and other types of security appliances.

In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices.

Batten down the hatches

“We’re aware of the situation and have been working our best to investigate and resolve it,” the email, which was posted to Twitter, said. “The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as ‘zyxel_silvpn,’ ‘zyxel_ts,’ or ‘zyxel_vpn_test,’ to manipulate the device’s configuration.”

It remains unclear if the weaknesses under attack are new or were previously known. Equally unclear is how many customers are under attack, what their geographical breakdown is, and if attacks are successfully compromising customer devices or simply attempting to do so.

In a statement issued later, Zyxel officials wrote:

Initially reported from users in Europe, Zyxel became aware of a sophisticated threat actor that attempts to access a subset of Zyxel security devices through the WAN in order to bypass authentication and establish SSL VPN tunnels with unknown user accounts. Zyxel is currently evaluating the attack vectors to determine whether this is a known or unknown vulnerability.

Zyxel has developed guidance to enable users to temporarily mitigate the security incident and contain the threat. A SOP was sent out to all registered users of USG/ZyWALL, USG FLEX, ATP, or VPN series devices. Zyxel is developing a firmware update to address user interface security practices as described in the SOP to reduce the attack surface.

The number of affected customers is unknown at this time because it appears that the devices being exploited have their web management publicly accessible and are not locked down.

Based on the vague details available so far, the vulnerability sounds reminiscent of CVE-2020-29583, which stemmed from an undocumented account with full administrative system rights that used the hardcoded password “PrOw!aN_fXp.” When Zyxel fixed the vulnerability in January, however, the account was listed as “zyfwp,” a name that doesn’t appear in the email Zyxel sent to customers this week.
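
A defender can triage VPN and management logs for the account names mentioned above. The following is an added example, not code from Zyxel or from the original article: the key=value log format, the approved-account list, and the addresses are constructed for illustration, and only the four watched account names come from this page.

```python
import re
from collections import Counter

# Account names quoted on this page (Zyxel's email and CVE-2020-29583).
WATCHED = {"zyxel_silvpn", "zyxel_ts", "zyxel_vpn_test", "zyfwp"}
# Assumption: the accounts the administrator actually provisioned.
APPROVED = {"alice", "bob"}

# Constructed sample in a generic key=value syslog style, NOT Zyxel's format.
SAMPLE_LOG = """\
2021-06-22T03:14:07Z fw1 event=sslvpn_login user="alice" src=198.51.100.7 result=success
2021-06-22T03:15:41Z fw1 event=sslvpn_login user="zyxel_ts" src=203.0.113.45 result=success
2021-06-22T03:16:02Z fw1 event=sslvpn_login user="ZYXEL_VPN_TEST" src=203.0.113.45 result=failure
2021-06-22T03:20:10Z fw1 event=sslvpn_login user="contractor9" src=192.0.2.10 result=success
2021-06-22T03:21:55Z fw1 event=config_change user="zyxel_ts" src=203.0.113.45 result=success
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one log line into (timestamp, {key: value})."""
    ts, _, rest = line.partition(" ")
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(rest):
        fields[key] = quoted or bare
    return ts, fields

def triage(log_text, approved=APPROVED):
    """Flag events from watched accounts or from accounts nobody provisioned."""
    findings = []
    for line in log_text.splitlines():
        ts, f = parse_line(line)
        user = f.get("user", "").strip().lower()  # compare case-insensitively
        if not user or (user in approved and user not in WATCHED):
            continue
        kind = "named-account" if user in WATCHED else "unapproved-account"
        findings.append({"time": ts, "kind": kind, "user": user,
                         "event": f.get("event"), "src": f.get("src"),
                         "result": f.get("result")})
    return findings

def sources(findings, kind="named-account"):
    """Count flagged events per source address, for blocking or follow-up."""
    return Counter(x["src"] for x in findings if x["kind"] == kind)

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
    print(sources(triage(SAMPLE_LOG)))
```

A watched name is flagged even if it appears in the approved list, since none of these accounts should have been created by an administrator.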


In any event, the email said that the best way for customers to secure their Zyxel devices is to follow the guidelines published here. The guidelines contain generic advice such as configuring appliances using the lowest privileges possible, patching devices, using two-factor authentication, and remaining wary of phishing attacks.

The email comes as firewalls, VPNs, and other devices used to secure networks have emerged as a key vector for hackers pushing ransomware- or espionage-motivated attacks. The appliances typically sit at the network perimeter to filter or block traffic moving into or out of the organization. Once breached, these devices often give attackers the ability to pivot to internal networks.

In the past few years, vulnerabilities in the Fortigate SSL VPN and the competing Pulse Secure SSL VPN have come under attack. Devices from Sonicwall have also been compromised through security vulnerabilities. The threats show how security appliances can actually make networks less secure when they’re not carefully locked down.
