相關新聞 | HKCERT

Hackers use Microsoft IIS web server logs to control malware

The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs. [...]

Bleepingcomputer 2022年11月01日 708 觀看次數

ConnectWise fixes RCE bug exposing thousands of servers to attacks

ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions. [...]

Bleepingcomputer 2022年10月31日 557 觀看次數

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. [...]

Thehackernews 2022年10月31日 672 觀看次數

Australian Clinical Labs says patient data stolen in ransomware attack

Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. [...]

Bleepingcomputer 2022年10月28日 738 觀看次數

Drinik Android malware now targets users of 18 Indian banks

A new version of the Drinik Android banking trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials. [...]

Bleepingcomputer 2022年10月28日 559 觀看次數

iOS Bug Lets Apps Record Siri Conversations

Without even asking for permissions, the newly discovered 'SiriSpy' flaw in Apple's iOS Bluetooth access could allow someone to access user interactions with Siri and keyboard-dictation audio.

Dark Reading 2022年10月28日 600 觀看次數

Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards

Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals.

The Hacker News 2022年10月26日 617 觀看次數

Massive cryptomining campaign abuses free-tier cloud dev resources

An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.

Bleeping Computer 2022年10月26日 703 觀看次數

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in shoppingmode Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS).

The Hacker News 2022年10月26日 606 觀看次數

Apple fixes new zero-day used in attacks against iPhones, iPads

In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. [...]

Bleepingcomputer 2022年10月25日 572 觀看次數