Using Citrix NetScaler Application Delivery Controller (ADC)?
Do this: Citrix is expected to release an update within the next few weeks to address the vulnerability. In the interim, impacted organizations can disable DTLS to mitigate the issue.
Why: Citrix issued an emergency advisory warning customers of a security issue affecting its NetScaler ADC devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks.
Additional Info: https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html
Using Zyxel Networking Gear?
Do this: Apply ZLD v4.6 Patch 1 as soon as possible.
Why: Security researchers have discovered hardcoded credentials in prior firmwares, which the company stated was for software updates. These credentials are hardcoded and cannot be changed. Not all devices are able to be patched at this time and additional mitigations should be implemented. Refer to the table below for the release schedule of firmware for Zyxel Access Points.
Additional Info: Zyxel’s official statement: https://www.zyxel.com/support/CVE-2020-29583.shtml
Send Us Your Comments
What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.
