Cyber security news for all

More

    Cyber criminals are targeting vulnerability to attack Zyxel NAS devices

    There is a new variant of the Mirai botnet called Mukashi. The attackers are primarily looking at unpatched Zyxel devices on which the botnet is to be installed. The malware, called Mukashi uses brute force attacks with various combinations of standard credentials to log in to Zyxel NAS devices. The malware then tries to take control of these devices and add them to a botnet. The botnet can be used to carry out DDoS attacks.

    Pre Authentication Command Vulnerability

    Multiple ZyXEL devices contain a pre authentication command injection vulnerability that could allow a remote attacker to run arbitrary code on a vulnerable device without logging in. This security warning was issued on March 2020.

    Mukashi hinges on a pre-authentication command injection vulnerability (tracked as CVE-2020-9054), for which a proof-of-concept was only made publicly available last month. Mukashi has exploited the vulnerability in Zyxel NAS devices with firmware version. Then remote code execution attacks are carried out, as security researchers are observed. The malware has been scanning the ports for potential targets since last week and is launching brute force attacks to circumvent common combinations of usernames and passwords. Once the login has been bypassed, Mukashi connects to a command and control server that can issue commands to perform DDoS attacks. When analyzing the code of the Mukashi malware, the security researchers, despite the differences correspond to the Mirai botnet. At the end of 2019, the Mirai botnet paralyzed large parts of the internet or slowed down websites due to DDoS attacks. The Mirai source code was published online, giving cybercriminals the tools to build a botnet. Zyxel patched the vulnerability affecting network attached storage and firewall products last month, and it is strongly recommended that all Zyxel users install the firmware update to protect the devices from Mukashi attacks.

    Recent Articles

    Hackers stole thousands of passport data in Argentina

    In response to millions of dollars ransom refused by the Argentine Immigration Service, a ransomware group released passport data from hundreds of thousands of...

    USA wants to improve cybersecurity of space systems

    CISA has published a table this week that summarizes Chinese activities against cybersecurity. Some attacks have succeeded and enabled hackers to gain a foothold...

    Unknown attackers had access to personal data of Warner Music

    Warner Music Group has admitted a security incident in which customers card details were stolen in some of the company's online stores. Warner Music...

    Donald Trump wants to force a sale of TikTok to Microsoft

    It was recently announced that President Donald Trump plans to prohibit business with the owners of TikTok by decree. The American head of state...

    PIN protection is cracked for contactless payments

    Contactless payments by card only works up to typically 30 dollars without a PIN. The PIN is actually  requested for high payments. This is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox