SoylentNews

Arthur T Knackerbracket has found the following story:

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage (NAS) devices using a critical vulnerability that was only recently discovered, according to security researchers.

The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection vulnerability found in Zyxel NAS storage devices, according to researchers at Palo Alto Networks’ Unit 42 global threat intelligence team. A proof of concept for the vulnerability, CVE-2020-9054, was published publicly only last month.

“Mukashi brute forces the logins using different combinations of default credentials, while informing its command and control (C2) server of the successful login attempts,” Unit 42 Ken Hsu, Zhibin Zhang and Ruchna Nigam wrote in a blog post published Thursday.

Many and potentially all Zyxel NAS products running firmware versions up to 5.21 are vulnerable to compromise, they said.

“We’re aware of the CVE-2020-9054 vulnerability and already released firmware updates for the affected products immediately,’ a spokesperson for Zyxel wrote to Threatpost in response to email-based questions about the bug. 

“We’ve been proactively communicating the issue to our customers on Zyxel Forum and through direct email alerts to urge customers to install the firmware updates or follow the workaround for optimal protection,” the company representative wrote.

Original Submission