相關新聞 | HKCERT

Growing reliance on third-party suppliers signals increasing security risks

Adversaries are turning their focus on cheaper, easier targets within an organisation's supply chain, especially as businesses increasingly acquire software from external suppliers.

ZDNet 2021年04月19日 19 觀看次數

Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine

JS component seems to be focus of researchers and miscreants alike Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine.…

The Register 2021年04月15日 32 觀看次數

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs

In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.

Threatpost 2021年04月15日 30 觀看次數

Ransomware Attack Creates Cheese Shortages in Netherlands

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.

Threatpost 2021年04月15日 29 觀看次數

Critical security alert: If you haven't patched this old VPN vulnerability, assume your network is compromised

Hundreds of organisations that haven't applied a Fortinet VPN security update released in 2019 should assume that cyber criminals are trying to take advantage, NCSC warns.

ZDNet 2021年04月13日 73 觀看次數

IcedID Circulates Via Web Forms, Google URLs

Attackers are filling out and submitting web-based "contact us" forms, thus evading email spam filters.

Threatpost 2021年04月13日 43 觀看次數

Sitting comfortably? Then it's probably time to patch, as critical flaw uncovered in npm's netmask package

Are you local? Catastrophically local? The widely used npm library netmask has a networking vulnerability arising from how it parses IP addresses with a leading zero, leaving an estimated 278 million projects at risk.…

The Register 2021年03月30日 161 觀看次數

PHP Infiltrated with Backdoor Malware

The server for the web-application scripting language was compromised on Sunday.

Threatpost 2021年03月29日 35 觀看次數

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under...

The Hacker News 2021年03月27日 23 觀看次數

Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix

Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.

Threatpost 2021年03月17日 213 觀看次數