Summary:
New vulnerabilities affecting Zyxel firewalls and Advantech wireless access points pose significant risks to organizations. The critical CVE-2024-11667 vulnerability in Zyxel devices has been linked to ransomware attacks, while Advantech devices face multiple high-risk vulnerabilities. Immediate action is required to patch these vulnerabilities and secure networks against potential exploitation.
#ZyxelVulnerability #AdvantechSecurity #HelldownRansomware
Keypoints:
New vulnerabilities in Zyxel firewalls and Advantech wireless access points threaten organizational security.
CVE-2024-11667 is a high-severity vulnerability in Zyxel firewalls, linked to ransomware attacks.
Helldown ransomware exploits vulnerabilities in Zyxel devices to gain initial access to networks.
Advantech wireless access points have 20 vulnerabilities, with six rated critical (CVSS 9.8).
Attack vectors include LAN/WAN exploitation and over-the-air attacks on Advantech devices.
Organizations are urged to update firmware and implement security best practices to mitigate risks.
SOCRadar’s Vulnerability Intelligence and Attack Surface Management can help organizations manage their security posture.
MITRE Techniques:
Exploitation for Client Execution (T1203): Exploits vulnerabilities in software to execute malicious code on client systems.
Command and Control (T1071): Utilizes multiple command and control domains to maintain communication with compromised systems.
Data Encrypted for Impact (T1486): Encrypts data to disrupt operations and demand ransom for decryption.
Credential Dumping (T1003): Obtains account login and password information to facilitate further exploitation.
Remote Code Execution (T1203): Executes arbitrary code on a remote system, allowing attackers to gain control.
IoC:
[file hash] 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfab
[file hash] 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7
[file hash] 7731d73e048a351205615821b90ed4f2507abc65acf4d6fe30ecdb211f0b0872
[file hash] 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e
[file hash] 2621c5c7e1c12560c6062fdf2eeeb815de4ce3856376022a1a9f8421b4bae8e1
[file hash] 47635e2cf9d41cab4b73f2a37e6a59a7de29428b75a7b4481205aee4330d4d19
[file hash] cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea
[file hash] 67aea3de7ab23b72e02347cbf6514f28fb726d313e62934b5de6d154215ee733
[file hash] 2b15e09b98bc2835a4430c4560d3f5b25011141c9efa4331f66e9a707e2a23c0
[file hash] 6ef9a0b6301d737763f6c59ae6d5b3be4cf38941a69517be0f069d0a35f394dd
[file hash] 9ab19741ac36e198fb2fd912620bf320aa7fdeeeb8d4a9e956f3eb3d2092c92c
[file name] zzz1.conf
[file hash] ccd78d3eba6c53959835c6407d81262d3094e8d06bf2712fefa4b04baadd4bfe
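The indicator list above is only useful once it is loaded into something that checks real files. The following is an added example, not SOCRadar's tooling or anything from the linked research: it loads the SHA-256 hashes and the file name from the IoC list, rejects any indicator that is not a well-formed 64-hex-character digest (one entry in the list above is 63 characters long and can never match), hashes every file under a directory and reports matches. The directory argument and the chunk size are assumptions of this example.

```python
import hashlib
import os
import re
import sys

# Indicators copied verbatim from the IoC list above (SHA-256 digests and one file name).
IOC_FILE_HASHES = [
    "0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfab",
    "7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7",
    "7731d73e048a351205615821b90ed4f2507abc65acf4d6fe30ecdb211f0b0872",
    "3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e",
    "2621c5c7e1c12560c6062fdf2eeeb815de4ce3856376022a1a9f8421b4bae8e1",
    "47635e2cf9d41cab4b73f2a37e6a59a7de29428b75a7b4481205aee4330d4d19",
    "cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea",
    "67aea3de7ab23b72e02347cbf6514f28fb726d313e62934b5de6d154215ee733",
    "2b15e09b98bc2835a4430c4560d3f5b25011141c9efa4331f66e9a707e2a23c0",
    "6ef9a0b6301d737763f6c59ae6d5b3be4cf38941a69517be0f069d0a35f394dd",
    "9ab19741ac36e198fb2fd912620bf320aa7fdeeeb8d4a9e956f3eb3d2092c92c",
    "ccd78d3eba6c53959835c6407d81262d3094e8d06bf2712fefa4b04baadd4bfe",
]
IOC_FILE_NAMES = ["zzz1.conf"]

# A SHA-256 digest is exactly 64 lowercase hex characters.
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def validate_hashes(hashes):
    """Split indicators into a set of well-formed SHA-256 digests and a list of
    malformed entries. A truncated or mistyped digest silently matches nothing,
    so it is reported rather than loaded."""
    valid, malformed = set(), []
    for h in hashes:
        h = h.strip().lower()
        if SHA256_RE.match(h):
            valid.add(h)
        else:
            malformed.append(h)
    return valid, malformed


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory
    (chunk size is an assumption of this example)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_directory(root, hash_set, name_set):
    """Walk root and return (path, reason) for every file whose name or
    SHA-256 digest matches an indicator. Unreadable files are skipped."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name in name_set:
                hits.append((path, "file name matches IoC"))
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue
            if digest in hash_set:
                hits.append((path, f"sha256 {digest} matches IoC"))
    return hits


if __name__ == "__main__":
    # Usage (assumed): python ioc_scan.py /path/to/scan
    valid_hashes, bad_entries = validate_hashes(IOC_FILE_HASHES)
    for entry in bad_entries:
        print(f"skipping malformed indicator ({len(entry)} chars): {entry}", file=sys.stderr)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in scan_directory(root, valid_hashes, set(IOC_FILE_NAMES)):
        print(f"MATCH {path}: {reason}")
```

Validating indicators before loading them matters in practice: a copy-and-paste error in a feed produces a rule that never fires, and without the malformed-entry report nobody notices. A file-name match is reported separately from a hash match because the name is a weak indicator on its own and should be triaged, not treated as a confirmed hit.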
Full Research: https://socradar.io/zyxel-firewalls-exploited-for-ransomware-attacks-20-security-flaws-discovered-in-advantech-access-points/