article thumbnail

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

Today, Zyxel acknowledged the same flaw is present in many of its firewall products. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. Patch 0 through ZLD V4.35

Firewall 309
article thumbnail

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” The same firmware upgrade contains mitigations for additional, less-critical vulnerabilities.” hardware firewalls: SonicOS 6.5.5.1-6n 6n or newer Gen 6 / 6.5

Firewall 115
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise.

article thumbnail

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. It was designed to download payloads intended to exfiltrate XG Firewall-resident data.

article thumbnail

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

The Hacker News

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News.

Firmware 143
article thumbnail

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability. ” continues the advisory.

article thumbnail

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. reads the advisory. “A

Firmware 131