0day

February 24, 2020

Zyxel Fixes 0day in Network Storage Devices

This post was originally published on this sitePatch comes amid active exploitation by ransomware gangs Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground. Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some […]
February 26, 2020

Zyxel 0day Affects its Firewall Products, Too

This post was originally published on this siteOn Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. Alex Holden, the security expert who first spotted the code for sale, said at the time the […]