Organizations must be cautious about how they interact with other regions around the world in order to operate safely in an at-times adversarial landscape.
(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13
This week on the Lock and Code podcast…
Ready to know what Malwarebytes knows?
Ask us your questions and get some answers.
What is a passphrase and what makes it—what’s the word?
Strong?
Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly cited topics and terminology in cybersecurity. What are passkeys? Is it safer to use a website or an app? How can I stay safe from a ransomware attack? What is the dark web? And why can’t cybercriminals simply be caught and stopped?
For some cybersecurity experts, these questions may sound too “basic”—easily researched online and not worth the time or patience to answer. But those experts would be wrong.
In cybersecurity, so much of the work involves helping people take personal actions to stay safe online. That means it’s on cybersecurity companies and practitioners to provide clarity when the public is asking for it. Without this type of guidance, people are less secure, scammers are more successful, and clumsy, fixable mistakes are rarely addressed.
This is why, this summer, Malwarebytes is working harder on meeting people where they are. For weeks, we’ve been collecting questions from our users about WiFi security, data privacy, app settings, device passcodes, and identity protection.
All of these questions—no matter their level of understanding—are appreciated, as they help the team at Malwarebytes understand where to improve its communication. In cybersecurity, it is critical to create an environment where, for every single person seeking help, it’s safe to ask. It’s safe to ask what’s on their mind, safe to ask what confuses them, and safe to ask what they might even find embarrassing.
Today, on the Lock and Code podcast with host David Ruiz, we speak with Malwarebytes Product Marketing Manager Tjitske de Vries about the modern rules around passwords, the difficulties of stopping criminals on the dark web, and why online scams hurt people far beyond their financial repercussions.
“We had [an] 83-year-old man who was afraid to talk to his wife for three days because he had received… a sextortion scam… This is how they get people, and it’s horrible.”
Tune in today to listen to the full conversation.
Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)
Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.
Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.
Gafgyt Malware Actively Attacking Zyxel Router Command Injection Flaw
The Zyxel router has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user.
In the ever-evolving landscape of cyber threats, a resurgence of attacks on legacy devices has emerged.
The targeted exploitation of the Zyxel P660HN-T1A v1 router exemplifies the persistence and adaptability of cyber criminals.
This article sheds light on the Zyxel Router Command Injection Attack, a vulnerability that continues to haunt the cybersecurity realm.
Unmasking the Vulnerability
The Zyxel P660HN-T1A router, a once-reliable networking tool, now stands as a cautionary tale of the risks associated with end-of-life devices.
The command injection vulnerability, tracked as CVE-2017-18368, resides within the Remote System Log forwarder function of firmware version 3.40(ULM.0)b3.
This flaw allows malicious actors to remotely execute operating system commands through a carefully crafted HTTP request, even without authentication.
Despite efforts to mitigate the threat, the Zyxel P660HN-T1A router remains a target for attackers.
A variant of the Gafgyt malware has homed in on this vulnerability, infecting IoT devices from multiple brands.
Leveraging the outdated CVE-2017-18368, these attackers recruit compromised devices into botnets, perpetuating their malevolent activities.
While a patch was issued by Zyxel in 2017, the vulnerability persists, as the router has reached its end-of-life, leaving it unsupported and vulnerable.
Tracking the Ongoing Threat
Feb 10, 2017: FortiGuard Labs introduced an Intrusion Prevention System (IPS) signature to detect and thwart Zyxel router attacks targeting CVE-2017-18368.
Aug 7, 2023: FortiGuard Labs continues to witness attack attempts exploiting the 2017 vulnerability, having successfully blocked thousands of unique IPS devices over the past month.
Aug 7, 2023: The Cybersecurity and Infrastructure Security Agency (CISA) formally added CVE-2017-18368 to its Known Exploited Vulnerabilities (KEV) catalog.
In the face of this persistent threat, a multi-faceted approach to cybersecurity defense is essential:
Reconnaissance: Implement robust IPS solutions to identify and thwart attack attempts on vulnerable Zyxel routers.
Detection: Stay vigilant by monitoring and correlating crucial information to promptly identify outbreaks and generate informative reports.
Response: Develop proactive containment strategies, utilizing automated response mechanisms and seeking expert assistance for thorough analysis and response.
Recovery and Future Resilience
As organizations navigate the aftermath of such attacks, bolstering security posture and processes is imperative:
NOC/SOC Training: Equip network and security professionals with comprehensive training to optimize incident response and combat evolving cyber threats.
Security Awareness: Raise employee awareness regarding phishing, drive-by downloads, and other cyberattack vectors to fortify the human element of defense.
The Zyxel Router Command Injection Attack serves as a stark reminder that cybersecurity threats respect no boundaries, even with devices that have reached their end-of-life. Organizations must remain vigilant, embracing cutting-edge defense mechanisms and fostering a culture of security awareness.
By heeding the lessons from this ongoing battle, we can better safeguard our digital landscapes from the relentless onslaught of cyber adversaries.
The post Gafgyt Malware Actively Attacking Zyxel Router Command Injection Flaw appeared first on Cyber Security News.
Cisco SD-WAN vManage impacted by unauthenticated REST API access
The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance. […]
BleepingComputer