相關新聞 | HKCERT

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.

Threatpost 2022年03月30日 404 觀看次數

Mars Stealer malware pushed via OpenOffice ads on Google

A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it. [...]

Bleepingcomputer 2022年03月30日 425 觀看次數

Honda bug lets a hacker unlock and start your car via replay attack

Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance.

BleepingComputer 2022年03月29日 461 觀看次數

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.

The Hacker News 2022年03月29日 447 觀看次數

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations.

Bleepingcomputer 2022年03月28日 453 觀看次數

Okta: "We made a mistake" delaying the Lapsus$ hack disclosure

Okta has admitted that it made a mistake delaying the disclosure of hack from the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities.

Bleepingcomputer 2022年03月28日 491 觀看次數

Morgan Stanley client accounts breached in social engineering attacks

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised following vishing attacks. [...]

Bleepingcomputer 2022年03月25日 561 觀看次數

Phishing kits constantly evolve to evade security software

Modern phishing kits sold on cybercrime forums as off-the-shelve packages feature multiple and sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won't mark them as a threat. [...]

Bleepingcomputer 2022年03月25日 572 觀看次數

Hackers exploit new WPS Office flaw to breach betting firms

An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.

Bleepingcomputer 2022年03月24日 624 觀看次數

Okta confirms support engineer's laptop was hacked in January

Okta, a major provider of access management systems, has completed its investigation into a breach incident claimed by the Lapsus$ data extortion group. [...]

Bleepingcomputer 2022年03月23日 487 觀看次數