 January 30, 2025
LATEST SECURITY NEWS & COMMENTARY
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
Mirai Variant 'Aquabot' Exploits Mitel Device Flaws
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
Researchers Uncover Lazarus Group Admin Layer for C2 Servers
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.
The Old Ways of Vendor Risk Management Are No Longer Good Enough
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
Fake Videos of Former First Lady Scam Namibians
Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.
Data Privacy Day 2025: Time for Data Destruction to Become Standard Business Practice
Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them.
HOT TOPICS
Lynx Ransomware Group 'Industrializes' Cybercrime With Affiliates
The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality-controlled recruitment system to engage even more criminals.

Cryptographic Agility's Legislative Possibilities & Business Benefits
Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare.

OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.

The Case for Proactive, Scalable Data Protection
Whether you're facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it's time to consider the long-term benefits of transitioning to a cloud-first infrastructure.

EDITORS' CHOICE
Super Bowl LIX Could Be a Magnet for Cyberattacks
Concerns include everything from ransomware, malware, and phishing attacks on the game's infrastructure to those targeting event sponsors and fans.
LATEST FROM THE EDGE

PrintNightmare Aftermath: Windows Print Spooler Is Better. What's Next?
While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.
LATEST FROM DR TECHNOLOGY

Exposure Management Provider CYE Acquires Solvo
The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.
LATEST FROM DR GLOBAL

Reporting a Breach or Vuln? Be Sure Your Lawyer's on Call
Globally, security researchers and whistleblowers face increasingly hostile laws and judiciaries that are ready to levy fines and prison sentences.
Dark Reading Daily
-- Published By Dark Reading
Operated by TechTarget, Inc. and its subsidiaries,
275 Grove Street, Newton, Massachusetts, 02466 US