Recite Me

Zyxel patches critical firmware vulnerability

Threat: Zyxel has released details for a critical vulnerability in its firmware that can be abused to compromise networking devices:

The flaw, tracked as CVE-2020- 29583, affects Zyxel Unified Security Gateway (USG), USG FLEX, ATP and VPN firewall products. A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.

Advice: The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities:  https://www.zyxel.com/support/CVE-2020-29583.shtml  

For all your IT equipment (so tablets, smartphones, laptops and PCs), make sure the software and firmware is always kept up to date with the latest versions from software developers, hardware suppliers and vendors.

More advice and guidance can be found at www.ncsc.gov.uk

COVID-19: SMS / Text message SCAMS

TOP 4 SMS SCAMS:

  1. Fake URL links claiming to link to GOV.UK website to claim supposed COVID-19 related payment
  2. Lockdown fines suggesting you have breached lockdown
  3. Offers of health supplements to prevent infection 
  4. Financial support offers that appear to be from your bank

How to verify the text messages:

  • Challenge - Could it be fake? It’s ok to reject, refuse or ignore any requests that don’t feel right. Check GOV.UK to ensure it’s genuine.
  • Be wary of text messages that try to get you to send money, or important personal information such as bank details or passwords.
  • Take a moment to stop and think before parting with information
  • Use official government websites and refer to ‘Contact Us’ sections of websites to access information and services. 

Be cyber aware: https://www.ncsc.gov.uk/cyberaware/home 

PayPal phishing texts 

Threat: A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. If you log in on the phishing page, the entered PayPal credentials will be sent to the threat actors. The phishing page then goes a step further as it will try to collect further details from you, including your name, date of birth, address, bank details, and more.

Advice: Always log into your account via tried and tested methods. If you received this text and mistakenly logged into your PayPal account or provided other information, you should immediately go to Paypal.com and change your password. If you use that same password at other sites, change them there as well.

More advice and guidance can be found at www.ncsc.gov.uk