Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug

A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.

That’s according to researchers at Radware, who also said that it’s notable how quickly Hoaxcalls operators have moved to weaponize the ZyXel bug, which as of this time of writing, has still not been addressed in a ZyXel advisory.

Read more…
Source: ThreatPost