Friday, November 22, 2024
CybersecurityHardwareNetworksNews

Zyxel’s NAS Device Patch, Malware Being Sold As a Service, and Front for Selling Stolen Information Shut Down

Zyxel Firmware Update

by Artie Kaye

Good news regarding a flaw in Zyxel’s network attached storage devices, the vulnerability has been patched. The affected devices are:

NAS326
NAS540
NAS542

If you are running, or believe you might be running these affected devices, contact your support team to get them fixed. The updates can be found on the Zyxel website, link below.

The flaw is listed as CVE-2022-34747.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Malware As A Service

by Artie Kaye

EvilProxy is the name given to a set of software and tools available on the dark web. It functions as a subscription program, like Adobe. It functions using reverse proxy protocols and cookie injection. The main source of infection is via phishing scams. It can bypass two factor authentication. The ease of use and functionality can allow a bad actor to cause a lot of harm, even with little knowledge. Its use has been linked to attacks on the Python Package Index, and the Twilio breach. It is a relatively new weapon that is still being refined and used against people online. 

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Shop Selling Personal Information Shut Down

by Artie Kaye

A criminal webfront know as WT1SHOP has been seized by officials and shut down. It traded in personal information from account login credentials to passports and had a library in excess of 5 million records. Law enforcement in the US and Portugal cooperated in this effort. They were able to track down the owner of the site by tracing their bitcoin transaction history.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)