相關新聞 | HKCERT

FileWave fixes bugs that left 1,000+ orgs open to ransomware, data theft

Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable FileWave has fixed a couple vulnerabilities in its endpoint management software that could allow a remote attacker to bypass authentication and take full control of the deployment and associated devices....

The Register 2022年07月28日 506 觀看次數

Google once again delays phasing out third-party cookies

Chrome will now fully support the tracking technology until the second half of 2024

ZDnet 2022年07月28日 354 觀看次數

We're likely only seeing 'the tip of the iceberg' of Pegasus spyware use against the US

House intel chair raises snoop tool concerns as Google and others call for greater crack down Google and internet rights groups have called on Congress to weigh in on spyware, asking for sanctions and increased enforcement against so-called legit surveillanceware makers.…

The Register 2022年07月28日 567 觀看次數

DHL Phishing Page Uses Telegram Bot for Exfiltration

One of the quickest ways for an attacker to harvest financial data, credentials, and sensitive personal information is through phishing. These social engineering attacks can typically be found masquerading as a trusted or recognizable service, intent on tricking unsuspecting users into submitting sensitive information on the...

Sucuri Blog 2022年07月27日 725 觀看次數

Microsoft: IIS extensions increasingly used as Exchange backdoors

Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells.

Bleeping Computer 2022年07月27日 576 觀看次數

Hackers exploited PrestaShop zero-day to breach online stores

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information.

Bleepingcomputer 2022年07月26日 682 觀看次數

Microsoft issues emergency fix for broken Windows 11 start menu

Microsoft has addressed a known issue that was causing the start menu on some Windows 11 to malfunction after installing recent updates.

Bleepingcomputer 2022年07月26日 708 觀看次數

Atlassian fixes critical Confluence hardcoded credentials flaw

Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers.

Bleepingcomputer 2022年07月25日 701 觀看次數

Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause'

Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change.

Thehackernews 2022年07月25日 569 觀看次數

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products.

Thehackernews 2022年07月25日 672 觀看次數