Zyxel Threat Intelligence (Release Date: 2022-04-01)

zyxel_Lin

ZyWALLs latest virus/malware signature update protects you against more malware and threats. See how ZyWALL defends against these threats.

Part 1 – Virus/Malware Spotlight

Part 2 – Intrusion Detection Highlight

Part 3 – Application Patrol Highlight

This article focuses on Potential Unwanted Application (PUA).  Part 2 and 3 will be included in the April Monthly Threat Report covering Intrusion Detection and Application Patrol update. You can view more about their details, history, and signature information in Zyxel Encyclopedia.

Part 1 Virus/Malware Spotlight
(Number of updated Virus/Malware signatures:4,270)

Zyxel keeps malware detection up-to-date. Currently, Zyxel detects and removes the threats including Gen.Variant.Application.RelevantKnowledge and Trojan.CryptoLocker.

Name: Gen.Variant.Application.RelevantKnowledge

This is part of Potentially Unwanted Application. This application can affect the performance of your computing experience. We have seen this leading to the potentially unwanted behaviors on your PCs. This application is usually installed on PCs in United States, China, United Kingdom, France, and Spain.

What is PUA?

A Potential Unwanted Application (PUA) is a type of software that can cause your machine to perform slowly, display unexpected ads, or at worst install other unexpected or unwanted software. PUA is not a virus, malware, or any other type of threats, but it may perform actions on endpoints that would adversely affect endpoint performance or usage. As assessed by Microsoft Defender Advanced Threat Protection, the term PUA can also refer to an application with a bad reputation due to some bad behavior.

How it Affects

•Affect your privacy or productivity - Expose personal information or performing unauthorized actions

•Unnecessarily stress your device's resources - Takes too much storage or memory

•Increase the security risk of your device - Exposes you to unexpected content or applications

Name: Trojan.CryptoLocker

The CryptoLocker attack is Trojan horse that infects your computer and then encrypt the files including your USB memory sticks or hard drives. It is propagated through emails with unknown attachments. Once opened, the downloader is activated and the malware encrypt certain types of files stored on local and mounted network drives using RSA public-key cryptography. Cryptolocker can cause serious damage to personal and business computers. The victims may receive a payment request for decrypted the data. However, there are no guarantees that payment would release the encrypted content. 

Part 2 Intrusion Detection 
(Cover Total: 5523/Updated: 13)

CVE-2020-27871

Base Score: 7.2 high

SolarWinds Network Configuration Manager Vulnerability Settings Arbitrary File Write

This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.(Source: NIST)

CVE-2020-5791

Base Score: 7.2 high

Nagios XI mibs Command Injection

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. (Source: NIST)

Part 3 Application Patrol
(Added Application: 3/ All Application: 3872)

Managing your licenses for your devices has never been easier, the Marketplace is now open for convenient and secured purchasing of licenses. Here are the three major benefits you get as a customer when using the Marketplace:

• Get immediate license renewal
• Avoid incorrect license(s) purchased with our filtered product listing
• Review your device and license status online