Keeping track of the software and hardware you use, that then are discovered to have security flaws in them is important, especially if those flaws are being exploited by threat actors. The quicker you or the people responsible for your cyber security know there are issues, the quicker any available …
CISA posts advisories on a range of security patches
Other vendors issue their monthly security and feature patches on or around Microsoft Patch Tuesday – it makes sense to get the updates all done together. The US government Cybersecurity and Infrastructure Security Agency (CISA) – one of my go to cyber security sites – issues regular round-ups of the …
Continue reading “CISA posts advisories on a range of security patches”
Routers and NAS Devices
Recently we covered the issues of hardware vulnerabilities and how network devices and other hardware are often missed when it comes to cyber security patching. Here are two more examples of why you should not miss the hardware… New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com) …
Zyxel firewall flaw
For smaller organisations updating network devices is often overlooked. CISA is warning of a flaw in Zyxel firewalls that is being actively exploited by hackers even though the vendor issued patches for the vulnerability over a month ago! CISA Adds One Known Exploited Vulnerability to Catalog | CISA Hackers exploit …
Do you use Zyxel equipment?
If your network uses Zyxel equipment then you need to check if it is on the list compromised equipment that needs patching. Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)
Zerobot malware targets a wide range of vulnerable devices – are your devices on the list?
From online CCTV cameras to popular router modems, Zerobot malware is infecting devices that have not been patched to build a network to carry out distributed denial of service attacks (DDoS). New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices (bleepingcomputer.com) The Bleeping Computer article has the details …
CISA updates on Apache and two more vulnerabilities added to their database – UPDATED 18 May 2022
The vulnerabilities are for Zyxel firewalls and VMWare Spring Cloud. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA The Apache issue is with Tomcat: Apache Releases Security Advisory for Tomcat | CISA Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability – The Record by Recorded Future
