Thousands of DrayTek Routers at Risk From 14 Vulnerabilities

Several of the flaws enable remote code execution and denial-of-service attacks, while others enable data theft, session hijacking, and other malicious activity. [TechWeb]( Follow Dark Reading: [RSS]( October 04, 2024 LATEST SECURITY NEWS & COMMENTARY [Thousands of DrayTek Routers at Risk From 14 Vulnerabilities]( Several of the flaws enable remote code execution and denial-of-service attacks, while others enable data theft, session hijacking, and other malicious activity. [Near-'perfctl' Fileless Malware Targets Millions of Linux Servers]( Armed with a staggering arsenal of at least 20,000 different exploits for various Linux server misconfigurations, perfctl is everywhere, annoying, and tough to get rid of. [CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog]( Ivanti reports that the bug is being actively exploited in the wild for select customers. [AI 'Nude Photo Generator' Delivers Infostealers Instead of Images]( The FIN7 group is mounting a sophisticated malware campaign that spans numerous websites, to lure people with a deepfake tool promising to create nudes out of photos. [Ukraine-Russia Cyber Battles Tip Over Into the Real World]( "Pig butchering," generative AI, and spear-phishing have all transformed digital warfare. [The Future of AI Safety: California's Vetoed Bill & What Comes Next]( Although the veto was a setback, it highlights key debates in the emerging field of AI governance and the potential for California to shape the future of AI regulation. [DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor]( It's North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection. [Navigating the Complexities & Security Risks of Multicloud Management]( Businesses that successfully manage the complexities of multicloud management will be best positioned to thrive in an increasingly digital and interconnected world. [(Sponsored Article) Securing AI With Confidential Computing]( By enabling secure AI deployments in the cloud without compromising data privacy, confidential computing may become a standard feature in AI services. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Python-Based Malware Slithers Into Systems via Legit VS Code]( The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines. [Top 5 Myths of AI & Cybersecurity]( Organizations looking to maximize their security posture will find AI a valuable complement to existing people, systems, and processes. [Manufacturers Rank as Ransomware's Biggest Target]( Improvements in cybersecurity and basics like patching aren't keeping pace with the manufacturing sector's rapid growth. [Zimbra RCE Vuln Under Attack Needs Immediate Patching]( The bug gives attackers a way to run arbitrary code on affected servers and take control of them. [MORE]( PRODUCTS & RELEASES [Apono Raises $15.5M Series A Funding for AI-driven, Least Privilege Solution Set]( [Palo Alto Networks and Deloitte Expand Strategic Alliance Globally]( [Darktrace Announces Formal Completion of its Acquisition by Thoma Bravo]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Unix Printing Vulnerabilities Enable Easy DDoS Attacks]( All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs. LATEST FROM THE EDGE [Criminals Are Testing Their Ransomware Campaigns in Africa]( The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors, but also cybercriminals. Here's why. LATEST FROM DR TECHNOLOGY [What Communications Companies Need to Know Before Q-Day]( NIST standardized three algorithms for post-quantum cryptography. What does that mean for the information and communications technology (ICT) industry? LATEST FROM DR GLOBAL [Criminals Are Testing Their Ransomware Campaigns in Africa]( The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors, but also cybercriminals. Here's why. WEBINARS - [10 Emerging Vulnerabilities Every Enterprise Should Know]( - [Harnessing the Power of Automation to Boost Enterprise Cybersecurity]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Product Review: Trend Vision One Cloud Security]( - [2024 Cloud Security Report]( - [IDC White Paper: The Peril and Promise of Generative AI in Application Security]( - [Solution Brief: Introducing the runZero Platform]( - [Evolve Your Ransomware Defense]( - [RevealX Catches Ransomware Within Days of Deployment at WCH]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=126123&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.04.24&sp_cid=55312&utm_content=DR_NL_Dark%20Reading%20Daily_10.04.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#cf If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)