These popular VPNs, firewalls are actively under attack
IT administrators urged to patch Zyxel VPN and firewall devices immediately
Cybercriminals are launching attacks against vulnerable VPN and firewall devices from Zyxel, security researchers have warned.
By leveraging a critical vulnerability tracked as CVE-2022-30525 - present in ATP, VPN and some USG FLEX series products - attackers are able to bypass authentication and achieve remote code execution.
Although Zyxel rolled out a fix for the security bug last week, thousands of administrators have failed to install the necessary patch and the exploit is now being utilized openly in the wild.
Zyxel VPN vulnerability
The vulnerability in Zyxel’s business VPN devices was first identified by security firm Rapid7, which assisted the company with the remediation.
In a blog post detailing the bug, Rapid7 warned that attackers could abuse the issue to establish a reverse shell, a type of session that facilitates communication between the attacker and the target machine and sets the stage for further attacks.
The result is that the attacker could effectively seize full control of systems that are otherwise protected by a firewall and other network security measures.
In an advisory published by Zyxel alongside the patch, the company urged administrators to install the relevant update immediately. This sentiment was echoed on Twitter by the cybersecurity director of the NSA, such is the severity of the issue and popularity of Zyxel hardware.
The latest analysis shows that upwards of 15,000 vulnerable Zyxel products remain unpatched, the majority of which belong to companies based in France, Italy, Switzerland and the US, meaning the potential scope of attacks is significant.
To help organizations shield against and mitigate attacks, multiple security researchers have published useful resources online. A team operating under Spanish telecoms firm Telefonica, for example, has released a program that scans for vulnerable endpoints, and another researcher has published a tool to help detect intrusions related to the flaw.
Via Bleeping Computer
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.