相關新聞
SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities
SAP this week announced the release of 12 new and updated security notes as part of the January 2023 Security Patch Day, including seven ‘hot news’ notes that address critical-severity vulnerabilities.
The Hacker News
2023年01月12日 627 觀看次數
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
The Hacker News
2023年01月12日 595 觀看次數
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware
A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware. [...]
Bleepingcomputer
2023年01月11日 630 觀看次數
Attackers Are Already Exploiting ChatGPT to Write Malicious Code
The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.
Dark Reading
2023年01月10日 628 觀看次數
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. [...]
Bleepingcomputer
2023年01月10日 552 觀看次數
Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) ...
The Hacker News
2023年01月10日 484 觀看次數
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker ...
The Hacker News
2023年01月08日 626 觀看次數
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources...
The Hacker News
2023年01月07日 537 觀看次數
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. [...]
Bleepingcomputer
2023年01月07日 504 觀看次數
Twitter data dump: 200m+ account database now free to download
No passwords, but plenty of stuff for social engineering and doxxing
More than 200 million Twitter users' information is now available for anyone to download for free.…
The Register
2023年01月06日 553 觀看次數
