• By:Colin Knapp
  • 6/30/2017

Shellshok!? Is it an Issue for ZyXEL Products?

ZyXEL communications would like to reassure its customers that ZyXEL's Networking products, including Switches, USGs (Unified Security Gateways), ZyWALL VPN firewalls, UAGs (Unified Access Gateways) are not at risk from the Shellshock vulnerability affecting Linux and Unix Bash shells disclosed on the 24th of September 2014. (Testing)

  • By:Brandon Kim
  • 6/30/2017

Zyxel advisory for the BlackNurse attack

A recently publicized “BlackNurse” attack, which sends a low volume of ICMP (Internet Control Message Protocol) Type 3 Code 3 requests to targets, could overload the target’s host CPU, slow down the target’s response, and result in denial of service (DoS). The attack targets firewalls and other network equipment of various brands. However, the attack has not been classified as a security vulnerability because no CVE identifiers or other vulnerability numbers have been assigned.

  • By:Brandon Kim
  • 6/30/2017

Guard against WannaCry ransomware

A recent ransomware attack, known as WannaCry, is affecting a large number of businesses and organizations worldwide. Targeting unpatched Microsoft Windows operating systems, the malware exploits a flaw in Remote Desktop Protocol (RDP) or Windows Server Message Block (SMB) Protocol to lock users out of their systems until ransoms are paid.nnAn immediate action recommended is to apply the Microsoft MS17-010 patch on the unpatched Microsoft systems to close off the vulnerability.

  • By:Brandon Kim
  • 6/30/2017

Guard against Petya ransomware

A recent variant of Petya ransomware, known as “ExPetr” or “NotPetya” or “GoldenEye”, is spreading rapidly across the world this week. Similar to the earlier WannaCry malware, the recent attack utilizes the EternalBlue exploit against the MS17-010 vulnerability to attack unpatched Microsoft Windows-based workstations and servers.