
Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer safe, secure and affordable solutions for your business and personal networks and devices.



WNYCyber is here to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet programmers who have to deal daily with cyber threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

Hackers Exploit Critical Zyxel Firewall Flaw in Ongoing Attacks

Cyber Security Threat Summary:
A critical command injection flaw in Zyxel networking devices is being exploited by hackers in widespread attacks to install malware. Tracked as CVE-2023-28771, the flaw resides in the default configuration of the affected firewall and VPN devices and can be abused for unauthenticated remote code execution by sending a specially crafted IKEv2 packet to UDP port 500 on the device. Because IKEv2 on UDP/500 is exposed on any device with a VPN interface facing the internet, no credentials or prior access are needed. Below is a list of the impacted products and firmware versions:

  • ATP – ZLD V4.60 to V5.35
  • USG FLEX – ZLD V4.60 to V5.35
  • VPN – ZLD V4.60 to V5.35
  • ZyWALL/USG – ZLD V4.60 to V4.73
The flaw was addressed by Zyxel on April 25, 2023, with the vendor warning users to update to the latest version releases to resolve the vulnerability.

Security Officer Comments:
According to Shadowserver, the flaw is being actively exploited to build a Mirai-like botnet. The compromised devices can then be used to launch distributed denial of service attacks against targeted individuals and organizations. Shadowserver noted that internet-wide sweeps for the flaw have been seen by over 700 of its IKEv2 honeypot sensors since May 26th. The activity appears to have started after proof-of-concept code was published on GitHub on May 22, 2023. With a PoC publicly available, we expect exploitation attempts in the wild to increase.

Suggested Correction(s):
CISA has added the flaw to its catalog of Known Exploited Vulnerabilities, urging organizations to apply the updates by June 21, 2023. At the time of writing, the latest firmware versions users are recommended to upgrade to are 'ZLD V5.36 Patch 2' for ATP, USG FLEX and VPN devices, and 'ZLD V4.73 Patch 2' for ZyWALL/USG. Note that for ZyWALL/USG the affected range ends at V4.73 itself, so a device reporting 'ZLD V4.73' with no patch level is still vulnerable; check the patch level, not just the version number. For more information, please refer to Zyxel's advisory linked below:
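The affected ranges listed under the threat summary and the recommended builds listed above are easy to misread when a device reports a version like "ZLD V4.73 Patch 2". The following checker is an added example, not code from this page or from Zyxel: it parses ZLD version strings, compares them as (major, minor, patch) tuples and flags any device at or above the first affected build but below the recommended build. The product names and version tuples are transcribed from the advisory summary above; the sample inventory (hostnames and versions) is constructed for illustration.

```python
"""Check Zyxel ZLD firmware versions against the CVE-2023-28771 advisory.

Added example (not from the WNYCyber page or from Zyxel). The version
ranges and recommended builds are transcribed from the advisory summary;
the sample inventory is constructed.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]  # (major, minor, patch)

# (first affected build, recommended build) per product family, as listed
# on the page. A device is flagged if it is at or above the first affected
# build and below the recommended build. This is deliberately conservative:
# a build newer than the affected range but older than the recommended one
# still gets an "upgrade" verdict.
PRODUCTS = {
    "ATP":        ((4, 60, 0), (5, 36, 2)),
    "USG FLEX":   ((4, 60, 0), (5, 36, 2)),
    "VPN":        ((4, 60, 0), (5, 36, 2)),
    "ZyWALL/USG": ((4, 60, 0), (4, 73, 2)),
}

# Matches "ZLD V5.35", "ZLD V4.73 Patch 2", "zld v5.36 patch 1", etc.
_ZLD_RE = re.compile(r"ZLD\s*V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)


def parse_zld_version(text: str) -> Optional[Version]:
    """Parse a ZLD version string into (major, minor, patch).

    A version with no "Patch N" suffix is treated as patch level 0, which
    is what makes "ZLD V4.73" compare below "ZLD V4.73 Patch 2".
    Returns None when the string is not a ZLD version at all.
    """
    m = _ZLD_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def assess(product: str, version_text: str) -> str:
    """Return 'upgrade', 'ok', 'not_listed' or 'unknown' for one device."""
    if product not in PRODUCTS:
        return "unknown"            # product family not in the advisory table
    v = parse_zld_version(version_text)
    if v is None:
        return "unknown"            # unparseable version string
    first_affected, recommended = PRODUCTS[product]
    if v < first_affected:
        return "not_listed"         # older than the affected range; not covered here
    if v < recommended:
        return "upgrade"            # in (or below) the affected range: patch it
    return "ok"                     # at or above the recommended build


def report(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Map an inventory of (hostname, product, version) to (hostname, product, verdict)."""
    return [(host, product, assess(product, ver)) for host, product, ver in inventory]


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "ATP",        "ZLD V5.35 Patch 1"),
    ("fw-branch-02", "USG FLEX",   "ZLD V5.36 Patch 2"),
    ("vpn-hq",       "VPN",        "ZLD V5.36"),
    ("usg-legacy",   "ZyWALL/USG", "ZLD V4.73"),
    ("usg-legacy-2", "ZyWALL/USG", "ZLD V4.73 Patch 2"),
    ("usg-ancient",  "ZyWALL/USG", "ZLD V4.35"),
]

if __name__ == "__main__":
    for host, product, verdict in report(SAMPLE_INVENTORY):
        print(f"{host:14} {product:11} {verdict}")
```

The version string is what the device shows in its web UI under the firmware information page; feed those strings into the inventory and anything returning "upgrade" needs the update. Anything returning "not_listed" is on a branch older than the advisory covers and should be checked against Zyxel's advisory directly rather than assumed safe.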

Link(s):
https://www.zyxel.com/global/en/
https://www.bleepingcomputer.com/