07 January 21, 11:03
Quote:Security experts are warning hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products.
Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware (CVE-2020-29583) and released patches to address the issue. Zyxel devices are generally utilized by small businesses as firewalls and VPN gateways.
Fast forward to this week, several security researchers have spotted “opportunistic exploitation” of Zyxel devices that have not yet received updates addressing the vulnerability.
“Likely due to the holidays, and maybe because [Niels Teusink, who discovered the flaw] did not initially publish the actual password, widespread exploitation via ssh has not started until now,” said Johannes Ullrich, of the SANS Internet Storm Center (ISC), in a Wednesday analysis. “But we are [now] seeing attempts to access our ssh honeypots via these default credentials.”
“The initial IPs scanning for this are all geo-locating back to Russia,” Ullrich told Threatpost. “But other than that, they are not specifically significant. Some of these IPs have been involved in similar internet wide scans for vulnerabilities before so they are likely part of some criminal’s infrastructure.”
Read more: https://threatpost.com/cybercriminals-ex...aw/162789/