[News] Zyxel firewalls, VPNs and other products have security vulnerabilities

Board: Stock
Author: yoche2000 (黃埔東麵包粉)
Time: 2021-06-25 19:02:07
Comments: 4 comments (2 push, 1 boo, 1 →)

Original title: Zyxel Firewalls and VPNs Under Active Cyberattack (Zyxel firewalls, VPNs and other products have security vulnerabilities)

Original link: https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html?m=1

Published: June 25, 2021 (the publication time on the original web page/newspaper takes precedence)

Original content:

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers.

Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.

"The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to manipulate the device's configuration," Zyxel said in an email message, which was shared on Twitter.

As of writing, it's not immediately known if the attacks are exploiting previously known vulnerabilities in Zyxel devices or if they leverage a zero-day flaw to breach the system. Also unclear is the scale of the attack and the number of users affected.

To reduce the attack surface, the company is recommending customers to disable HTTP/HTTPS services from the WAN and implement a list of restricted geo-IP to enable remote access only from trusted locations.

Earlier this year, Zyxel patched a critical vulnerability in its firmware to remove a hard-coded user account "zyfwp" (CVE-2020-29583) that could be abused by an attacker to login with administrative privileges and compromise the confidentiality, integrity, and availability of the device.

The development comes as enterprise VPNs and other network devices have become a top target of attackers in a series of campaigns aimed at finding new avenues into corporate networks, giving the threat actors the ability to laterally move across the network and gather sensitive intelligence for espionage and other financially-motivated operations.

Thoughts/commentary: ※ Must be at least 20 characters

Simply put, the vulnerabilities are in the ZLD firmware of the USG/ZyWALL, USG FLEX, ATP and VPN products. Because these are networking devices, these vulnerabilities could expose users' internal networks to security risks.

The attack path is from the WAN, and it can bypass authentication to establish SSL VPN connections.

There are currently no concrete figures for the scope of impact or the number of customers affected.

Zyxel's notification/SOP email to customers: https://i.imgur.com/5feF8OD.jpg
※ PTT Bulletin Board System (ptt.cc), from: 218.164.98.179 (Taiwan)
※ Article URL: https://www.ptt.cc/bbs/Stock/M.1624618929.A.52C.html

pipi2 : Good thing the board member who posted a few days ago got out fast 06/25 19:03

dergnj : Good thing the major shareholder with 5,000.000 shares got out 06/25 19:04

Atwo : The 5000-share major shareholder successfully bought the dip 06/25 19:19

a89182a89182: Old problem. This time it should be about to shoot up 06/25 19:32
