相關新聞 | HKCERT

Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.

Threatpost 2021年12月22日 349 觀看次數

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

Threatpost 2021年12月22日 348 觀看次數

Ubisoft confirms Just Dance data breach amid developer exodus

Ubisoft said there was an intrusion into the company's IT infrastructure targeting Just Dance.

ZDnet 2021年12月22日 328 觀看次數

Conti Ransomware Gang Has Full Log4Shell Attack Chain

Packet Storm 2021年12月21日 353 觀看次數

Bad things come in threes: Apache reveals another Log4J bug

Third major fix in ten days is an infinite recursion flaw rated 7.5/10 The Apache Software Foundation (ASF) has revealed a third bug in its Log4 Java-based open-source logging library Log4j.…

The Register 2021年12月20日 504 觀看次數

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse...

The Hacker News 2021年12月18日 443 觀看次數

Log4j attackers switch to injecting Monero miners via RMI

Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.

Bleeping Computer 2021年12月17日 496 觀看次數

Malicious Exchange Server Module Hoovers Up Outlook Credentials

"Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.

Threatpost 2021年12月16日 388 觀看次數

Ransomware in 2022: We're all screwed

Security experts tell us what to expect in the cybercriminal landscape as we head into the new year. It's not good.

ZDnet 2021年12月16日 482 觀看次數

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.

Threatpost 2021年12月16日 328 觀看次數