Vulnerability Management, IoT, Threat Intelligence

Intrusions involving TP-Link router, Zyxel firewall flaws underway

Vulnerable TP-Link wireless routers and Zyxel firewalls impacted by two-year-old security issues have been subjected to ongoing attacks, The Hacker News reports.

Active abuse of the high-severity command injection flaw in TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 routers, tracked as CVE-2023-33538, has prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies advised to apply patches by July 7. CISA has not provided additional information on how the vulnerability is being exploited, the extent of the exploitation, or who is behind it.

Threat actors have also ramped up intrusions leveraging the critical Zyxel firewall defect, tracked as CVE-2023-28871, to facilitate the deployment of Mirai botnet variants as recently as Monday, according to a report from GreyNoise. The attacks originated from 244 different IP addresses and were mostly aimed at the U.S., UK, Spain, Germany, and India. Organizations have been advised to ensure their Zyxel software is updated, restrict exposure, and track malicious activity.
