InfoSecBulletin Cybersecurity for mankind
CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being exploited to spread Helldown ransomware, with reports of at least five affected organizations in Germany.
CVE-2024-11667 is a directory traversal vulnerability in Zyxel’s ZLD firmware versions 5.00 to 5.38. Exploiting it allows attackers to upload and download files using crafted URLs, which can compromise sensitive information like system credentials. This may lead to further attacks, such as creating rogue VPN connections and changing firewall settings.
CISA Flags 3 Actively Exploited Vulnerabilities in KEV
Cisco Confirms Active Exploitation Of Decade-Old WebVPN Vulnerability
TP-Link Archer Security Flaw Exposes Devices to Malicious Command Injection
IBM address multiple flaw in security verify access appliance
“Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks
Workshop on “DDoS use cases & solutions for government & BFSI” held at BCS
Uganda confirms hack of central bank accounts, Refutes $17 Million Claim
CVE-2024-11667
Hackers actively exploiting Zyxel firewall to deploy Ransomware
Daily Security Update Dated: 29.11.2024
CIRT-in flags Critical Flaw in Oracle Agile PLM Framework
The affected devices include:
Zyxel ATP and USG FLEX series firewalls in on-premise mode, using ZLD firmware versions 4.32 to 5.38 with remote management or SSL VPN enabled. Devices using Nebula cloud management are not affected.
Initial Release date: 21, November 2024
Updated date: 27, November-2024
Current Date: November 29, 202
Zyxel Europe was reportedly one of the victims.
At least 32 victims worldwide have been reported on Helldown’s data leak site
According to CERT-Bund, five German groups are potential targets
To keep your network safe, Zyxel suggests taking these steps:
Update Firmware: Update your device to the latest firmware..
Disable Remote Access: If updates can’t be applied right away, temporarily turn off remote access to your device until the firmware is patched.
Review Best Practices: Review general cybersecurity guidelines.
