相關新聞 | HKCERT

105 million Android users targeted by subscription fraud campaign

A premium services subscription scam for Android has been operating for close to two years. Called ‘Dark Herring’, the operation used 470 Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of USD in total losses.

Bleepingcomputer 2022年01月28日 10 觀看次數

AirTag use in theft and stalking incidents prompts Apple to update its Personal Safety User Guide

Apple's diminutive trackers have increasingly shown up in news reports around stalking and thefts. The company's updated safety guide includes new information on what to do if you find an unknown AirTag that might be involved in criminal activity.

ZDnet 2022年01月27日 21 觀看次數

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

Threatpost 2022年01月27日 19 觀看次數

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

Threatpost 2022年01月27日 18 觀看次數

Attackers now actively targeting critical SonicWall RCE bug

A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts.

ZDnet 2022年01月26日 28 觀看次數

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...

ZDnet 2022年01月26日 30 觀看次數

Trellix finds OneDrive malware targeting government officials in Western Asia

Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix.

ZDnet 2022年01月26日 31 觀看次數

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Threatpost 2022年01月25日 31 觀看次數

Log4j: Mirai botnet found targeting ZyXEL networking devices

A report explained that the Log4j vulnerability is being used to "infect and assist in the proliferation of malware used by the Mirai botnet."

ZDnet 2022年01月25日 28 觀看次數

FBI warns of malicious QR codes used to steal your money

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.

BleepingComputer 2022年01月24日 30 觀看次數