相關新聞 | HKCERT

Thousands lured with blue badges in Instagram phishing attack

A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer.

Bleepingcomputer 2022年09月02日 795 觀看次數

Microsoft found TikTok Android flaw that let hackers hijack accounts

Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.

Bleepingcomputer 2022年09月01日 660 觀看次數

Chrome extensions with 1.4 million installs steal browsing data

Threat analysts at McAfee found five Google Chrome extensions that steal track users’ browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times.

Bleepingcomputer 2022年08月31日 586 觀看次數

LockBit ransomware gang gets aggressive with triple-extortion tactic

LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to triple extortion level. [...]

Bleepingcomputer 2022年08月29日 767 觀看次數

Fake 'Cthulhu World' P2E project used to push info-stealing malware

Hackers have created a fake 'Cthulhu World' play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims....

Bleepingcomputer 2022年08月27日 512 觀看次數

Hackers abuse Genshin Impact anti-cheat system to disable antivirus

Hackers are abusing an anti-cheat system driver for the immensely popular Genshin Impact game to disable antivirus software while conducting ransomware attacks.

Bleepingcomputer 2022年08月26日 862 觀看次數

Hackers adopt Sliver toolkit as a Cobalt Strike alternative

Threat actors are dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known. After Brute Ratel, the open-source, cross-platform kit called Sliver is becoming an attractive alternative.

Bleepingcomputer 2022年08月26日 1429 觀看次數

Phishing attacks abusing SaaS platforms see a massive 1,100% growth

Threat actors are increasingly abusing legitimate software-as-a-service (SaaS) platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. [...]

Bleepingcomputer 2022年08月24日 608 觀看次數

Fake DDoS Protection Alerts Distribute Dangerous RAT

Threat actors are spoofing Cloudflare DDoS bot-checks in an attempt to drop a remote-access Trojan (RAT) on systems belonging to visitors to some previously compromised WordPress websites. [...]

darkreading 2022年08月23日 800 觀看次數

Over 80,000 exploitable Hikvision cameras exposed online

Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server. [...]

Bleepingcomputer 2022年08月23日 1076 觀看次數