Security Highlight - Zyxel Community

[2021 Issue 04] See how Zyxel’s Secure WiFi enables employees to work from home in a secure manner
Due to the pandemic, businesses now need to ensure their networks can be accessed securely outside of the office by their employees working remotely, while still providing the same level of corporate security. Here are the best practices from Zyxel, to help our customers to tackle these new challenges. The best practice to…
Zyxel Threat Intelligence (Release Date: 2021-05-31)
Release Date: 2021-05-31 ZyWALLs latest virus/malware signature update protect you against more malware and threat. See how ZyWALL defends against these threats. You can view more about their details, history, and signature information in Zyxel Encyclopedia. Number of updated signatures: 42375 Total number of…
[2021 Issue 03] See how Zyxel Levels Up Your Security with 2FA
A nightmare for every netizen, imagine yourself turning on your laptop only to realize that you cannot access your social media accounts anymore. Your Gmail has been breached, all your hard work inaccessible, and your credit card was charged with unknown transactions. The culprit? A password leakage may be the cause of…
Zyxel Threat Intelligence (Release Date: 2021-04-27)
Release Date: 2021-04-27 ZyWALLs regular updated to the latest virus/malware signature to protect more malware and threat. See how ZyWALL defends against these threats. You can view more details, history, and signature information in Zyxel Encyclopedia. Highlight Win32.Lentin Worms automatically spreads itself over to…
Guard against Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26855 Affected Package: Microsoft Exchange 2013, 2016 and 2019 This vulnerability is part of an attack chain. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate…
[2021 Issue 02] Three Things You Need to Know About Zyxel Industry-leading DNS Content Filter
We are currently facing a de-centralized and IoT driven trend. There are growing number of connected devices including work from home environment, especially during this pandemic, so the security countermeasure needs to be reinforced. There are more browser support and users are encouraged to switch to TLS 1.3 because of…
[2021 Issue 01] Are You Cybersecurity-Ready for 2021?
Given the threats of the pandemic, 2020 was a year of game changer and it greatly reshaped the way people live and work. Now that we have reached 2021, here are some key highlights that Zyxel observed and would urge businesses of today to pay attention to. Till now, we have not seen signs of the COVID-19 pandemic slowing…
Guard against rConfig
CVE-2019-16622 Network configuration management utility, rConfig is vulnerable to unauthenticated remote command execution (Vulnerable version: rConfig version prior to 3.9.2) rConfig is the popular network management utility for IT staffs to take multiple configuration snapshots of their networks devices. A cybersecurity…
Guard against Webmin
CVE-2019-15107Webmin is vulnerable to unauthenticated remote command execution(Vulnerable version: Webmin version 1.882 to 1.921) Webmin is the popular Linux/UNIX systems management UI. The vulnerability is secretly planted by a hacker as a form of backdoor in the development infrastructure and remains in the several…
Guard against Zimbra
CVE-2019-9670Vulnerable Zimbra from 8.5 to 8.7.11 Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability. Impact: This vulnerability could allow an attacker to RCE on an affected Zimbra system. The XML external entity vulnerability in the…
Guard against Zombie Poodle
Vulnerable TLS1.2 with CBC cipher suite Zombie POODLE and GOLDENDOODLE are similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the…
Guard against GoldenDoodle
Vulnerable TLS1.2 with CBC cipher suite Zombie POODLE and GOLDENDOODLE are similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the…
Guard against use-after-free vulnerability in Google Chrome FileReader API
CVE-2019-5786 Vulnerable Google Chrome before 72.0.3626.121 On March 1st, Google published an advisory for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). The exploit leads to code execution in the Renderer process, and a second exploit was used to fully compromise the host system.…
Guard against BlueKeep
CVE-2019-0708 Vulnerable Windows OS: XP, Vista, 7, Server 2003, and Server 2008 When an unauthenticated attacker connects to the target system using RDP and sends a specially crafted request, they can execute a remote code vulnerability that exists in Remote Desktop Services on older Windows OS versions. This allows the…

Welcome!

It looks like you're new here. Sign in or register to get started.