SoylentNews is people

posted by Fnord666 on Sunday March 22 2020, @02:05PM
from the compromising-position dept.

Arthur T Knackerbracket has found the following story:

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage (NAS) devices using a critical vulnerability that was only recently discovered, according to security researchers.

The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection vulnerability found in Zyxel NAS storage devices, according to researchers at Palo Alto Networks’ Unit 42 global threat intelligence team. A proof of concept for the vulnerability, CVE-2020-9054, was published publicly only last month.

“Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful login attempts,” Unit 42's Ken Hsu, Zhibin Zhang and Ruchna Nigam wrote in a blog post published Thursday.

Many and potentially all Zyxel NAS products running firmware versions up to 5.21 are vulnerable to compromise, they said.

“We’re aware of the CVE-2020-9054 vulnerability and already released firmware updates for the affected products immediately,” a spokesperson for Zyxel wrote to Threatpost in response to email-based questions about the bug.

“We’ve been proactively communicating the issue to our customers on Zyxel Forum and through direct email alerts to urge customers to install the firmware updates or follow the workaround for optimal protection,” the company representative wrote.


  • (Score: 5, Interesting) by NotSanguine on Sunday March 22 2020, @03:16PM

    Apparently, this is just the latest in a bunch of security problems [threatpost.com] with their software:

    Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.

    Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. In all, researchers have identified 16 vulnerabilities, ranging from multiple backdoors and default credentials to insecure memory storage.

    [...]security researchers Pierre Kim and Alexandre Torres wrote in a report posted Monday [(9 March 2020)] [github.io] that “the attack surface is very large and many different stacks are being used making it very interesting. Furthermore, some daemons are running as root and are reachable from the WAN. Also, there is no firewall by default.” The report outlined the more than a dozen flaws.
    [date added]

    It's fair to note that the above vulnerabilities don't affect the NAS devices in TFA, but it doesn't speak well of this company, methinks.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr