All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 16, 2022. I’ve also included some comments on these stories. 

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability  

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities Catalog, the Hacker News reports. Citing evidence of active exploitation, the reported flaws included the recently disclosed remote code execution bug affecting Zyxel firewalls. 

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Zyxel Firewalls are subject to a code execution vulnerability. Attackers can inject arbitrary commands upon successful exploitation of this vulnerability. The following devices are affected by this vulnerability: USG FLEX 100, 100W, 200, 500, 700; USG20-VPN, USG20W-VPN; ATP 100, 200, 500, 700, 800; and VPN series. Upgrade to patch V5.30 or later to fix this vulnerability.


Hackers target Tatsu WordPress plugin in millions of attacks  

Hackers are massively exploiting a remote code execution vulnerability (CVE-2021-25094) in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites. Although the patch has been available since early April, up to 50,000 websites are estimated to still run a vulnerable version of the plugin, Bleeping Computer notes. 

ANDREW SWOBODA | Senior Security Researcher at Tripwire

The Tatsu Builder plugin for WordPress is subject to a code execution vulnerability. To exploit this vulnerability, attackers need to upload a malicious zip file that extracts a PHP file that starts with a ‘.’ to bypass extension controls.

It is estimated that there are 50,000 vulnerable websites. Attackers are currently exploiting this issue and it is ...
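The dotfile bypass described in the Tatsu comment above can be checked for on the defender's side before an uploaded archive is ever extracted. The following is an added example, not code from the plugin or from Tripwire: `weak_check` is a hypothetical filter that skips dotfiles, `strict_check` is the hardened form, and the extension allowlist and archive entry names are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumed allowlist for an asset upload; adjust to what the feature really needs.
ALLOWED_EXTS = {".woff", ".woff2", ".ttf", ".svg", ".css", ".json"}

def weak_check(names):
    """Hypothetical weak filter: skips dotfiles, then checks extensions."""
    bad = []
    for n in names:
        base = posixpath.basename(n)
        if base.startswith("."):  # treated as harmless metadata: this is the gap
            continue
        if posixpath.splitext(base)[1].lower() not in ALLOWED_EXTS:
            bad.append(n)
    return bad

def strict_check(names):
    """Hardened filter: reject traversal, hidden entries and unlisted extensions."""
    bad = []
    for n in names:
        if n.endswith("/"):
            continue  # directory entry, nothing to extract
        parts = n.replace("\\", "/").split("/")
        if n.startswith("/") or ".." in parts:
            bad.append((n, "path traversal"))
        elif any(p.startswith(".") for p in parts):
            bad.append((n, "hidden file or directory"))
        elif posixpath.splitext(parts[-1])[1].lower() not in ALLOWED_EXTS:
            bad.append((n, "extension not allowed"))
    return bad

def build_sample_zip():
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("icons/font.woff", b"\0")
        z.writestr("icons/style.css", b"a{}")
        z.writestr(".cache.php", b"<?php /* placeholder */ ?>")
        z.writestr("icons/loader.php", b"<?php /* placeholder */ ?>")
        z.writestr("../up.css", b"a{}")
    return buf.getvalue()

def audit(data):
    """Return (weak findings, strict findings) for a zip given as bytes."""
    names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    return weak_check(names), strict_check(names)

if __name__ == "__main__":
    weak, strict = audit(build_sample_zip())
    print("weak filter flags:  ", weak)
    print("strict filter flags:", strict)
```

Run the strict check on the archive's entry list before extraction and reject the whole upload if it returns anything, rather than extracting and cleaning up afterwards.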