Security Incident Alert question
All Replies
-
mMontana said:I'm not pleased to have see nothing more from Zyxel (or from representatives).Security devices and felons are on the line 24/7, and this kind of weakness into a device which enable remote connectivity, should put on the line 24/7 the best efforts in research, test, and customer care.
I'm start to thinking to move away from Zyxel, silence is unacceptable for a company who makes security devices these days.
By the way, thank you mMontana for sharing advices, at least we have our community.
Agor0 -
New Firmware for ATP is out. According to release note:[...][ENHANCEMENT] To strengthen security access under Covid19 pandemic,
given GeoIP feature by default on all devices.Thanks for this Zyxel!! Sti
0 -
As far as i can see, also 4.64 is out for "older devices".From the ChangelogModifications in V4.64(AALA.0)C0 -2021/06/261. [ENHANCEMENT] The new Initial Setup Wizard will facilitate user to enforce security policies against access to the web management interface and SSL VPN service (from the Internet).2.[ENHANCEMENT] Add Security Policy Check to spot out misconfiguration of security policies via pop-up window.3.[ENHANCEMENT] Add configuration change log of user object.4.[ENHANCEMENT] To strengthen security access under Covid19 pandemic, given GeoIP feature by default on all devices.5.[ENHANCEMENT] Support SSL VPN service port configurableThis come from release notes for USG40.
0 -
Hi @mMontana, @ChipConnJohn, @Agor76
Thanks for all your input and valuable sharing.
Based on our investigation so far, HTTPS is the primary attack vector, and once the attempt is successful, it results in symptoms such as unknown user accounts being created. We haven’t observed any direct correlation between this attack and the previous hardcoded account vulnerability.To assist on the secured configurations, we released a new update which helps on the mitigation settings, you can easily complete the procedure by following up the wizard. Here it is the detail information about this release
https://community.zyxel.com/en/discussion/10971/zld4-64-5-01-firmware-release#latest
0 -
Zyxel_Vic said:Hi @mMontana, @ChipConnJohn, @Agor76
Thanks for all your input and valuable sharing.
Based on our investigation so far, HTTPS is the primary attack vector, and once the attempt is successful, it results in symptoms such as unknown user accounts being created. We haven’t observed any direct correlation between this attack and the previous hardcoded account vulnerability.To assist on the secured configurations, we released a new update which helps on the mitigation settings, you can easily complete the procedure by following up the wizard. Here it is the detail information about this release
https://community.zyxel.com/en/discussion/10971/zld4-64-5-01-firmware-release#latest
Hi @Zyxel_Vic
So does this essentially mean that Zyxel does not know whether an actual remote code execution vulnerability exists? What do you exactly mean by "attack vector"? Are we talking about brute-forcing passwords or taking advantage of an actual RCE vulnerability in the firmware? Until now all of the communication from Zyxel has been extremely vague, leading to speculation and rumors. I can understand if Zyxel cannot release any details due to security matters, however then it would be just a matter of announcing "we've identified the vulnerability and will provide a fix shortly". I just have the impression that Zyxel is clueless in terms of how the threat actors got in.
The recent patch is nice in terms of offering the Geo-IP feature at no cost, however this is only a workaround. Changing port numbers and limiting access on a geographical scope can be considered security by obscurity, which can be easily circumvented by a sophisticated threat actor.
I'd appreciate it if Zyxel would release a clear PR statement of the current state of affairs without any vague language.
Thank you.
0 -
Sconsulting said:
The recent patch is nice in terms of offering the Geo-IP feature at no cost, however this is only a workaround. Changing port numbers and limiting access on a geographical scope can be considered security by obscurity, which can be easily circumvented by a sophisticated threat actor.
I'd appreciate it if Zyxel would release a clear PR statement of the current state of affairs without any vague language.
Thank you.I stand by your opinion and share your concerns.On the other side, without solutions or info sharing, "stating the nothing" could be a double-edged sword for Zyxel, and i can understand why, until now, only "new firmware" is what has been told.Saying that i can understand do not means that it'll be enough. Sooner or later I'm expecting disclosures on how attack was completed and what has been done to avoid similar breaches in future.Reducing the footprint is important, but a broken lock cant' be considered safe with a bigger metal guard for the keyway.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight