Zyxel has announced that it will not be releasing patches for two actively exploited zero-day vulnerabilities, CVE-2024-40890 and CVE-2024-40891, affecting multiple legacy DSL CPE products. These vulnerabilities allow attackers to execute arbitrary commands. A Mirai botnet variant is exploiting CVE-2024-40891 in the wild. Zyxel recommends that users replace the end-of-life products with newer-generation devices for optimal protection.
The lack of patches for these exploited vulnerabilities in Zyxel devices poses a significant risk to users who continue to use them. This incident highlights the importance of vendors providing ongoing security support for their products, even after they reach end-of-life.
Zyxel has announced that they will not release patches for multiple legacy DSL Customer Premises Equipment (CPE) products that are affected by actively exploited zero-day vulnerabilities. These vulnerabilities, tracked as CVE-2024-40890 and CVE-2024-40891, allow attackers to execute arbitrary commands, potentially leading to system compromise and data exfiltration. Users of these Zyxel devices are at significant risk and are advised to consider alternative solutions or remove the devices.
Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack, the largest ever reported. The attack, based on the Mirai botnet, involved over 13,000 IoT devices and targeted an unnamed internet service provider customer. This highlights the growing threat of hyper-volumetric assaults and the need for robust DDoS mitigation strategies.
The Mirai botnet, known for exploiting vulnerabilities in IoT devices, continues to evolve and pose a significant threat to internet infrastructure. The attack underscores the importance of securing IoT devices and implementing comprehensive DDoS protection measures to safeguard against increasingly sophisticated and large-scale attacks.
Cloudflare mitigated a massive 5.6 Tbps DDoS attack, showcasing the increasing threat of hyper-volumetric assaults. This record-breaking attack was a Mirai-variant DDoS, which highlights the importance of robust security measures against evolving DDoS attack techniques. In addition, a vulnerability was discovered in Cloudflare’s CDN that could expose a person’s general location by sending an image on platforms like Signal and Discord. Cloudflare conducts media caching at the data center closest to its users. The location information is exposed due to the delivery of a unique image through Cloudflare’s CDN. This could reveal private information.
A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.
Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.
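For defenders who log traffic in front of these routers, the following added example (not from the original report or from Four-Faith) flags requests to /apply.cgi whose adj_time_year value is not a plain year. The JSON log format, field names, the four-digit rule, and the sample records are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/apply.cgi"   # endpoint named in the report
PARAM = "adj_time_year"   # parameter named in the report
# Assumption: a legitimate value is exactly four ASCII digits.
YEAR_RE = re.compile(r"[0-9]{4}")

def suspicious_requests(log_lines):
    """Return (src, decoded_value) for each non-year adj_time_year value seen."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # ignore lines that are not JSON records
        if not isinstance(rec, dict):
            continue
        url = urlsplit(rec.get("path") or "")
        if url.path != ENDPOINT:
            continue
        # The parameter may arrive in the query string or the form body;
        # parse_qs percent-decodes, so encoded values are checked in clear form.
        fields = parse_qs(url.query, keep_blank_values=True)
        body = parse_qs(rec.get("body") or "", keep_blank_values=True)
        for key, values in body.items():
            fields.setdefault(key, []).extend(values)
        for value in fields.get(PARAM, []):
            if not YEAR_RE.fullmatch(value):
                hits.append((rec.get("src", "?"), value))
    return hits

# Constructed sample records (hypothetical proxy log, documentation IPs).
SAMPLE = [
    '{"src": "192.0.2.10", "path": "/apply.cgi", "body": "adj_time_year=2024"}',
    '{"src": "198.51.100.7", "path": "/apply.cgi", "body": "adj_time_year=2024%20EXTRA-TEXT"}',
    '{"src": "198.51.100.7", "path": "/apply.cgi?adj_time_year=", "body": ""}',
    '{"src": "192.0.2.11", "path": "/index.html", "body": "adj_time_year=abc"}',
    "not a json record",
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE):
        print(f"review request from {src}: {PARAM}={value!r}")
```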
Multiple botnets, including FICORA (Mirai variant) and CAPSAICIN (Kaiten variant), are actively exploiting known vulnerabilities in older D-Link routers to conduct DDoS attacks and propagate malware. These botnets target vulnerabilities in the HNAP interface, allowing remote attackers to execute malicious commands. The ongoing attacks highlight the persistent risks associated with outdated and unpatched devices, emphasizing the need for users to update or replace vulnerable equipment immediately.
Juniper Networks has issued a warning regarding the Mirai botnet exploiting Session Smart Routers (SSR) due to unchanged default passwords. The Mirai botnet is actively targeting these devices, which could lead to significant security breaches. It is crucial for Juniper SSR users to immediately change the default password to prevent infection and secure their systems against this threat. This highlights the critical importance of strong password hygiene.