Attackers start using Zyxel backdoor account in attacks


Cyber criminals are scanning the Web for devices with open SSH, hoping to infiltrate them using hard-coded credentials. We are talking about the so-called backdoor account patched the other day by Zyxel.

As a reminder, the cybersecurity specialist EYE recently found a hidden account in more than one hundred Zyxel firewalls, VPN gateways and access point controllers.

In an official post, the tech giant explained that the backdoor account was used to deliver automatic firmware updates via FTP. The problem is that the hidden account allows attackers to create VPN accounts and gain access to internal networks.

Predictably, once information about the hidden backdoor was published, attackers began to look for vulnerable devices. Researchers at GreyNoise found three different IP addresses that were trying to break into systems using the credentials of the backdoor account. The experts noted that the cybercriminals are looking not only for Zyxel devices but for any IP address running SSH. If they find a target that meets the criteria, they start a brute-force attack.

Fortunately, Zyxel has already released the “ZLD V4.60 Patch 1” update, which removes the hidden account on firewalls. The same patch for access point controllers is due out tomorrow, January 8th.
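The scanning GreyNoise describes shows up in SSH authentication logs as password attempts naming the hard-coded account. The following is an added example, not code from the article, Zyxel or GreyNoise: it counts such attempts per source IP and singles out sources that actually logged in. It assumes OpenSSH-style `sshd` log lines; the account name is a placeholder because the article does not give it, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: placeholder for the hard-coded account name, which the article
# does not state; take the real value from the vendor advisory.
WATCHED_ACCOUNT = "PLACEHOLDER_ACCOUNT"

# OpenSSH sshd password-authentication messages (assumed log format).
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(lines, account=WATCHED_ACCOUNT):
    """Return {source_ip: {"failed": n, "accepted": n}} for logins naming `account`."""
    hits = defaultdict(lambda: {"failed": 0, "accepted": 0})
    for line in lines:
        m = AUTH_RE.search(line)
        if m and m.group("user") == account:
            hits[m.group("ip")][m.group("result").lower()] += 1
    return dict(hits)

def compromised_sources(hits):
    """Source IPs with at least one successful login as the watched account."""
    return sorted(ip for ip, counts in hits.items() if counts["accepted"] > 0)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    "Jan  7 10:01:02 gw sshd[811]: Failed password for invalid user PLACEHOLDER_ACCOUNT from 203.0.113.5 port 51234 ssh2",
    "Jan  7 10:01:04 gw sshd[811]: Failed password for invalid user PLACEHOLDER_ACCOUNT from 203.0.113.5 port 51236 ssh2",
    "Jan  7 10:01:09 gw sshd[812]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "Jan  7 10:07:31 fw sshd[903]: Accepted password for PLACEHOLDER_ACCOUNT from 198.51.100.7 port 40022 ssh2",
    "Jan  7 10:09:12 fw sshd[915]: Accepted password for admin from 192.0.2.10 port 40100 ssh2",
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for ip, counts in sorted(hits.items()):
        print(f"{ip}: {counts['failed']} failed, {counts['accepted']} accepted")
    # An accepted login as the hidden account means the device is unpatched
    # and has been accessed; treat it as an incident, not as scan noise.
    print("successful backdoor logins from:", compromised_sources(hits))
```

A failed attempt on a host where the account does not exist is scan noise worth blocking; an accepted login is the case that needs incident response.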
