![]() ![]() In a statement issued later, Zyxel officials wrote: ![]() Equally unclear is how many customers are under attack, what their geographical breakdown is, and if attacks are successfully compromising customer devices or simply attempting to do so. It remains unclear if the weaknesses under attack are new or were previously known. “The threat actor attempts to access a device through WAN if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as ‘zyxel_silvpn,’ ‘zyxel_ts,’ or ‘zyxel_vpn_test,’ to manipulate the device's configuration.” ![]() “We’re aware of the situation and have been working our best to investigate and resolve it,” the email, which was posted to Twitter, said. When the attackers succeed in accessing the device, the email further appears to say, they are then able to connect to previously unknown accounts hardwired into the devices. The language in the email is terse, but it appears to say that the attacks target devices that are exposed to the Internet. In an email, the company said that targeted devices included security appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware. Network device maker Zyxel is warning customers of active and ongoing attacks that are targeting a range of the company’s firewalls and other types of security appliances. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |