相關新聞 | HKCERT

Chrome extensions with 1 million installs hijack targets’ browsers

Researchers at Guardio Labs have discovered a new malvertizing campaign pushing Google Chrome and Microsoft Edge extensions that hijack searches and insert affiliate links into webpages. [...]

Bleepingcomputer 2022年10月25日 678 觀看次數

Exploited Windows zero-day lets JavaScript files bypass security warnings

A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

Bleepingcomputer 2022年10月24日 597 觀看次數

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

The Hacker News 2022年10月24日 584 觀看次數

Thousands of GitHub repositories deliver fake PoC exploits with malware

Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.

Bleepingcomputer 2022年10月24日 576 觀看次數

Health system data breach due to Meta Pixel hits 3 million patients

Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3,000,000 patients.

Bleepingcomputer 2022年10月21日 570 觀看次數

These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud.

Bleepingcomputer 2022年10月21日 585 觀看次數

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process.

Thehackernews 2022年10月20日 605 觀看次數

Microsoft data breach exposes customers’ contact info, emails

Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.

Bleepingcomputer 2022年10月20日 1027 觀看次數

Hackers compromised Hong Kong govt agency network for a year

Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government agencies in Hong Kong and remained undetected for a year in some cases.

Bleepingcomputer 2022年10月19日 680 觀看次數

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. [...]

Thehackernews 2022年10月18日 604 觀看次數