
Zyxel VPN security flaw targeted by new ransomware attackers


  • Researchers spot Helldown exploiting Zyxel VPN to breach networks
  • The flaw was previously undisclosed
  • The crooks mostly target SMBs in the US and Europe

There appears to be a new ransomware player in town, exploiting vulnerabilities in Zyxel firewalls and IPSec access points to compromise victims, steal their data, and encrypt their systems.

The group is called Helldown and has been active since summer 2023, a new report from cybersecurity researchers Sekoia has revealed, noting that the group most likely uses a previously undisclosed vulnerability in Zyxel’s firewalls for initial access.

Furthermore, the group seems to be exploiting CVE-2024-42057, a command injection bug in IPSec VPN that, in certain scenarios, grants unauthenticated users the ability to run OS commands.

Dozens of victims

When they breach a target network, they steal as many files as they can, and encrypt the system. For encryption, they seem to be using a piece of software developed from the leaked LockBit 3 builder. The researchers said the encryptor was relatively basic, but also probably still under development.

As basic as it is, the encryptor still locked down at least 31 organizations, as that’s the number of victims listed on the group’s data leak site. According to BleepingComputer, between November 7 and today, the number dropped to 28, which could be a hint that some organizations paid the ransom demand. We don’t know who the victims are, or how much money the crooks demanded in return for the decryption key and for keeping the data secure.

Most of the victims seem to be small and medium-sized organizations in the United States and Europe.

If the researchers are indeed right, and Helldown does use flaws in Zyxel and IPSec instances to breach networks, the best defense would be to keep these devices up to date and limit access to trusted accounts only. CVE-2024-42057, which affects IPSec VPN, was fixed on September 3, and the earliest clean firmware version is 5.39. For Zyxel, since the vulnerability is still undisclosed, it would be wise to keep an eye on upcoming advisories and deploy the patch as soon as it’s published.

Via BleepingComputer


https://www.techradar.com/pro/security/zyxel-vpn-security-flaw-targeted-by-new-ransomware-attackers

