February 8, 2021
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.
The U-Admin phishing panel interface. Image: fr3d.hk/blog
The Ukrainian attorney general’s office said it worked with the nation’s police force to identify a 39-year-old man from the Ternopil region who developed a phishing package and special administrative panel for the product.
Source: Zyxel
Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls.
A vulnerability in the company’s firmware, which was first disclosed in December by researchers, can be exploited to install a hard-coded backdoor that could give threat actors remote administrative privileges. Dutch security firm Eye Control, which first uncovered the flaw, believes the bug could affect as many as 100,000 Zyxel products worldwide.
Following the disclosure of the vulnerability, Zyxel issued patches in some of its products and is urging its customers to apply them immediately. In the security advisory, however, the company notes that a fix for its NXC access point controller series products would not be released until April (see:
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
Security experts are warning that hackers are ramping up attempts to exploit a high-severity vulnerability that may still reside in over 100,000 Zyxel Communications products.
Zyxel, a Taiwanese manufacturer of networking devices, on Dec. 23 warned of the flaw in its firmware (CVE-2020-29583) and released patches to address the issue. Zyxel devices are generally utilized by small businesses as firewalls and VPN gateways.
Fast forward to this week, several security researchers have spotted “opportunistic exploitation” of Zyxel devices that have not yet received updates addressing the vulnerability.
Novel techniques used by the attackers cheated security tools and forensics, according to FireEye CEO Kevin Mandia.
The cybersecurity firm best known for its incident response (IR) chops today said it had been breached by nation-state attackers who hacked into its systems and stole its red team tools. FireEye CEO Kevin Mandia revealed the hack in a blog post this afternoon, noting the company had contacted the FBI and is working with both the bureau and Microsoft in an investigation of the attack.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,” Mandia said in the post. “They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our pa
SANS Announces 2020 Difference Makers Awards Winners
Honoring People Who Made a Difference in Security
BETHESDA, Md., Dec. 10, 2020 /PRNewswire/
SANS Institute, the global leader in cyber security training and certifications, today announced the winners of the SANS 2020 Difference Makers Awards. This prestigious annual awards program honors individuals, teams and groups in the cybersecurity community who have made a measurable and significant difference in security. Through their implementation of security processes or technology, each person has raised the bar in enabling secure business operations and reducing risk. “In a very challenging year, the 2020 winners are a very diverse group that have used their skills and hard work to overcome obstacles and collectively make the world a safer place,” said John Pescatore, SANS Director of Emerging Security Trends. The Difference Makers range from individual contributors to teams of people, f