Tag Archives: censys

Zyxel firewalls under attack by Mirai-like botnet

CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS commands remotely by sending crafted IKE (Internet Key Exchange) packets to an affected device. Fixed by Zyxel in April 2023, it was expected to be quickly exploited by attackers once technical write-ups and … More ? The post Zyxel firewalls under attack by Mirai-like botnet appeared first on Help Net Security .

See the article here:
Zyxel firewalls under attack by Mirai-like botnet

High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)

Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes (i.e., denial of service) or potentially remote code execution. CVE-2022-3602, whose existence was preannounced by the OpenSSL Project team a week ago, has luckily turned out to be less dangerous than initially thought. So the much feared *Critical* #OpenSSL turns out to be “just” a … More ? The post High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786) appeared first on Help Net Security .

More:
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)