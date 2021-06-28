



Users are advised to strengthen security to protect against cyber attacks Customers of network solutions products manufactured by Zyxel have been warned that a sophisticated threat actor is actively targeting their firewalls and VPNs. In a screenshot of an advisory posted on Twitter, the company advised users to tighten their security protocols to defend against as yet unknown attackers. The letter reads: We recently became aware of a sophisticated threat actor targeting a small subset of Zyxel security appliances that have remote management or SSL VPN enabled, most notably in the USG / series. ZyWALL, USG FLEX, ATP and VPN running ZLD on premise. firmware. Those running the nebula cloud management mode are not affected. We were aware of the situation and did our best to investigate and resolve it. Learn about the latest network security news

The attacker in question attempted to access the devices through the WAN, Zyxel explained. If successful, attacker could bypass authentication and log into unknown accounts in devices, such as zyxel_sllvpn, zyxel_ts or zyxel_vpn_test. Zyxel said the most effective way to reduce the attack surface is to maintain an appropriate security policy for remote access, including blocking unknown IP addresses and only allowing access from trusted locations. The company advises users to turn off HTTP / HTTPS services from the WAN, unless they need to manage devices on the WAN side and, if applicable, follow the above practices. Zyxel’s website contains a detailed account of best practices to secure a distributed network infrastructure. READ MORE LEXSS Injection: How to Bypass Lexical Analyzers by Abusing HTML Parsing Logic

