Get a Pentest and security assessment of your IT network.

Cyber Security

Hackers start exploiting the new backdoor in Zyxel devices

Threat actors are actively scanning the Internet for open SSH devices and trying to login to them using a new recently patched Zyxel hardcoded credential backdoor. One of the IP addresses is using the built-in SSH client of Cobalt Strike to perform the scans. GreyNoise CEO Andrew Morris told BleepingComputer that the actor might be scanning this way to evade threat intelligence vendors. The actor is using Cobalt strike’s SSH client exclusively through Tor to avoid threat intelligence vendor detection. ZyxEl released the ‘ZLD V4 V460 Patch 1’ last month that removes the backdoor accounts on firewall devices.

Source: https://www.bleepingcomputer.com/news/security/hackers-start-exploiting-the-new-backdoor-in-zyxel-devices/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation