Zyxel Urges Customers to Replace Vulnerable Routers Targeted by Hackers for Enhanced Security

Zyxel Urges Customers to Replace Vulnerable Routers Targeted by Hackers for Enhanced Security

In a concerning development for users of Zyxel hardware, the Taiwanese manufacturer has announced it will not release a patch for two critical vulnerabilities that are currently being exploited. These security flaws could impact thousands of customers, leading to serious risks such as system compromise and data breaches.

Details of the Vulnerabilities Affecting Zyxel Routers

Threat intelligence firm GreyNoise highlighted the critical nature of these vulnerabilities late last month, indicating that attackers could execute arbitrary commands on affected devices. This could result in:

  • Complete system compromise
  • Data exfiltration
  • Network infiltration

Discovery and Reporting Timeline

The vulnerabilities, tracked as CVE-2024-40890 and CVE-2024-40891, were initially discovered by VulnCheck in July of last year. They were reported to Zyxel in August but had not been addressed or disclosed until recently. Zyxel stated that it became aware of these issues on January 29, just a day after GreyNoise alerted the public about ongoing exploitation.

Zyxel’s Response to Security Risks

Zyxel, which serves over 1 million businesses globally, has indicated that it will not provide patches for these vulnerabilities, citing that they affect “legacy products that have reached end-of-life (EOL) for years.” Instead, the company recommends that customers upgrade to newer-generation products for improved security.

Implications for Affected Users

Despite Zyxel’s claims, some of the vulnerable models are still available for purchase on platforms like Amazon, raising concerns about user safety. Jacob Baines, CTO at VulnCheck, emphasized the ongoing relevance of these older systems due to their continued use and the persistent interest from cyber attackers.

According to Censys, a search engine for Internet of Things devices, nearly 1,500 vulnerable Zyxel devices are still exposed to the internet. Furthermore, GreyNoise reported that botnets, including the notorious Mirai, are exploiting one of these vulnerabilities, indicating a potential for large-scale attacks.

READ ALSO  PowerSchool Data Breach: Hackers Compromise Complete Historical Records of Students and Teachers

Final Thoughts

The lack of a patch from Zyxel for these critical vulnerabilities is alarming for customers relying on their hardware. Users are urged to consider transitioning to newer models to safeguard their networks and sensitive data. As the threat landscape continues to evolve, staying informed and proactive is crucial in maintaining security.

For more information on cybersecurity best practices, visit Cybersecurity & Infrastructure Security Agency.

Similar Posts

Cellebrite Halts Service in Serbia Amid Allegations of Police Spying Technology Abuse

Cellebrite Halts Service in Serbia Amid Allegations of Police Spying Technology Abuse

Bysupport

Cellebrite, a digital intelligence company, has paused its technology usage in Serbia following serious allegations. Reports from Amnesty International claimed that Serbian police misused Cellebrite’s tools to unlawfully access smartphones belonging to a journalist and an activist, subsequently installing spyware. In response, Cellebrite stated it is investigating the claims and has halted product use for the implicated customer. While the identity of the customer remains undisclosed, Amnesty International called for accountability and reforms, urging Serbian authorities to conduct impartial investigations and prevent future misuse of surveillance technologies.

Critical Bug in Anthropic's Claude Code Tool 'Bricks' Systems: What You Need to Know

Critical Bug in Anthropic’s Claude Code Tool ‘Bricks’ Systems: What You Need to Know

Bysupport

Anthropic’s recent launch of Claude Code has encountered significant challenges, particularly with its buggy auto-update function causing unstable workstations and altering crucial system access permissions. Reports indicate that these issues, especially when Claude Code is installed at the “root” level, can lead to severe system malfunctions. In response, Anthropic has removed the problematic commands and implemented a troubleshooting guide within the program, correcting an initial typo in the link. Despite these hurdles, the company’s quick action aims to restore user confidence. Users experiencing issues are advised to consult the troubleshooting guide for assistance.

President Trump Officializes Musk's DOGE Commission with Executive Order

Trump Advocates for Establishing a ‘Crypto Strategic Reserve’ to Strengthen Digital Currency Security

Bysupport

Former President Donald Trump is advocating for a federal cryptocurrency reserve that would include popular digital assets like XRP, Solana, and Cardano. His initiative follows a January executive order aimed at exploring cryptocurrency policy and establishing a national digital asset stockpile. Trump’s working group will assess the need for such a reserve, possibly using seized cryptocurrencies, and evaluate their economic implications. His recent statements on social media suggest a positive shift in cryptocurrency regulation compared to the Biden administration, with his support contributing to a 20% surge in the prices of selected cryptocurrencies. The future impact of these initiatives remains uncertain.

GetReal's $18M Breakthrough: Revolutionizing AI Deepfakes with an Impressive Clientele!

GetReal’s $18M Breakthrough: Revolutionizing AI Deepfakes with an Impressive Clientele!

Bysupport

Deepfake technology’s rapid growth presents challenges for businesses and national security, leading to significant financial losses from scams. To address this, startup GetReal has raised $17.5 million in funding to enhance its deepfake detection solutions. Co-founded by expert Hany Farid, GetReal is launching a forensics platform that includes user-friendly tools, API integration, and a threat exposure dashboard. The funding, led by Forgepoint Capital, aims to combat the talent gap in cybersecurity forensics. GetReal plans to expand its focus to include text-based impersonations, responding to the urgent need for effective deepfake detection in various industries.

Meta Unveils 'Project Waterworth': A Groundbreaking 50,000 km Global Subsea Cable Initiative

Meta Unveils ‘Project Waterworth’: A Groundbreaking 50,000 km Global Subsea Cable Initiative

Bysupport

Meta has launched Project Waterworth, an ambitious subsea cable initiative aimed at enhancing global connectivity and improving its digital services for billions of users. Spanning 50,000 kilometers, it will be the world’s longest subsea cable, connecting five continents with landing points in the U.S., Brazil, India, South Africa, and more. The project focuses on India and aims to boost AI services globally. Utilizing innovative technology, including 24 fiber pair cables and advanced burial techniques, it addresses geopolitical challenges. Supported by a U.S.-India cooperation agreement, Project Waterworth represents Meta’s largest investment in subsea infrastructure, following its ownership of 16 existing networks.

Massive PowerSchool Data Breach Exposes Personal Information of 16,000 UK Students

Massive PowerSchool Data Breach Exposes Personal Information of 16,000 UK Students

Bysupport

The PowerSchool data breach has raised alarms over student data security in the UK, affecting around 16,000 students from four schools. Hackers accessed sensitive personal information, including contact details and limited medical data, through compromised credentials in the company’s customer support portal. Although PowerSchool has communicated with those impacted outside the U.S. and Canada, it has not offered credit monitoring and has not reported the breach to the UK’s Information Commissioner’s Office (ICO). The breach potentially impacts over 62 million students and 9.5 million teachers globally, although PowerSchool has not confirmed this figure.