Security News
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. Installing patches removes the backdoor account, which, according to Eye Control researchers, uses the "Zyfwp" username and the "PrOw!aN fXp" password.
Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges. The account was designed for the delivery of automatic firmware updates through FTP and is present on Zyxel USG, ATP, VPN, ZyWALL, and USG FLEX devices.
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583, affects version 4.60 present in a wide-range of Zyxel devices, including Unified Security Gateway, USG FLEX, ATP, and VPN firewall products.
Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. Niels Teusink of Dutch cybersecurity firm EYE discovered a secret hardcoded administrative account in the latest 4.60 patch 0 firmware for some Zyxel devices.
Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. Niels Teusink of Dutch cybersecurity firm EYE discovered a secret hardcoded administrative account in the latest 4.60 patch 0 firmware for some Zyxel devices.
The United States Department of Homeland Security has published a guide to the terrifying risks that businesses will expose themselves to if they use tech created in the Peoples' Republic of China or engage in any business activity with the Middle Kingdom. The fifteen-page "Data Security Business Advisory" [PDF] opens by warning "Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC.".
Challenges with Traditional WAF. We often hear from industry members who switched from traditional Web Application Firewall to next Gen WAF what made them switch. 1 - Application and Web Usage ControlApplication and web usage control answers the concern, what type of traffic is blocked? The WAF uses multiple identification categories to identify their exact identity of websites and applications crossing the network and determine how to treat them.
Kali Linux 2020.4 released: New default shell, fresh tools, and more!Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCsCisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system.
Tufin announced it will integrate with AWS Network Firewall, a new managed service that makes it easy to deploy essential network protections for all Amazon Virtual Private Clouds on Amazon Web Services, on-premise data centers and other cloud platforms for full visibility across the enterprise. "AWS is a very important cloud provider for our customers today and into the future, which is why we are excited to expand our collaboration and be a Launch Partner for AWS Network Firewall," said Pamela Cyr, Senior Vice President of Business and Corporate Development, Tufin.
The Firewall Manager is a centralised service for configuring firewalls across accounts and applications within an AWS user organisation, this being a way of managing multiple AWS accounts. The new AWS Network Firewall moves beyond the existing services by adding more intelligent rules using the open-source Suricata project for intrusion detection.