CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being exploited to spread Helldown ransomware, with reports of at least five affected organizations in Germany.
CVE-2024-11667 is a directory traversal vulnerability in Zyxel’s ZLD firmware versions 5.00 to 5.38. Exploiting it allows attackers to upload and download files using crafted URLs, which can compromise sensitive information like system credentials. This may lead to further attacks, such as creating rogue VPN connections and changing firewall settings.
By infosecbulletin
/ Saturday , March 29 2025
The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
By infosecbulletin
/ Thursday , March 27 2025
OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
By infosecbulletin
/ Thursday , March 27 2025
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
By infosecbulletin
/ Thursday , March 27 2025
As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
By infosecbulletin
/ Wednesday , March 26 2025
Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
By infosecbulletin
/ Wednesday , March 26 2025
Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
By infosecbulletin
/ Wednesday , March 26 2025
On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
By infosecbulletin
/ Tuesday , March 25 2025
Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
By infosecbulletin
/ Tuesday , March 25 2025
Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
By infosecbulletin
/ Sunday , March 23 2025
A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
The affected devices include:
Zyxel ATP and USG FLEX series firewalls in on-premise mode, using ZLD firmware versions 4.32 to 5.38 with remote management or SSL VPN enabled. Devices using Nebula cloud management are not affected.
Initial Release date: 21, November 2024
Updated date: 27, November-2024
Current Date: November 29, 202
Zyxel Europe was reportedly one of the victims.
At least 32 victims worldwide have been reported on Helldown’s data leak site
According to CERT-Bund, five German groups are potential targets
To keep your network safe, Zyxel suggests taking these steps:
Update Firmware: Update your device to the latest firmware..
Disable Remote Access: If updates can’t be applied right away, temporarily turn off remote access to your device until the firmware is patched.
Review Best Practices: Review general cybersecurity guidelines.