Featured Story
Hackers Actively Exploiting Zyxel Firewall Flaw To Deploy Ransomware
Cybersecurity experts have uncovered a wave of attacks exploiting vulnerabilities in Zyxel firewalls to deploy the Helldown ransomware. This new ransomware operation, first observed in August 2024, is targeting organizations worldwide through a directory traversal flaw (CVE-2024-11667) in ZLD firmware versions 5.00 through 5.38.
The flaw allows attackers to upload or download files via crafted URLs, leading to unauthorized access and ransomware deployment.
This is a critical vulnerability being actively exploited. Organizations should immediately patch affected Zyxel firewalls and monitor for suspicious activity. These attacks demonstrate how network security appliances can become entry points if not maintained and monitored properly.
Other Stories
Critical Vulnerability Found in Zabbix Network Monitoring Tool
CVE-2024-42327 (CVSS 9.9) affects the Zabbix network monitoring platform. It allows non-admin users with API access to inject arbitrary SQL queries and potentially compromise systems or exfiltrate data.
Zabbix systems are deeply embedded in many IT infrastructures. The fact that this flaw affects default "User" roles increases its severity. Public-facing Zabbix instances are especially at risk. Patch immediately and restrict access to the API and admin interfaces.
WARNING: 2 Vulnerabilities Patched in Veeam Service Provider Console, Patch Immediately!
Two vulnerabilities (CVE-2024-42448, CVE-2024-42449) in Veeam’s Service Provider Console (VSPC) can allow attackers to edit backup configs or delete cloud/on-premise backups. The first carries a CVSS score of 9.9 and poses a critical threat.
Backup systems are essential to cyber resilience, and VSPC’s centralized role makes it a key target. Update to version 8.1.0.21999 immediately and verify that previous backups remain intact. Remember: patching prevents future compromise but does not resolve any past breaches.
Attention: Scams via Physical Letters with QR Codes Spotted in Switzerland
Safeonweb has reported a scam trend in Switzerland involving physical letters containing QR codes. When scanned, these codes can install malware on smartphones. While not yet common in Belgium, the approach is expected to spread due to its simplicity and effectiveness.
This scam shows how attackers combine old-school social engineering (physical mail) with modern tech (QR codes). Stay cautious when scanning unknown QR codes and inform your staff and community. If you receive suspicious messages or mail, forward them to:
verdacht@safeonweb.be
suspect@safeonweb.be
suspicious@safeonweb.be
Contact the Approach Cyber SOC team for tailored support and training programs.