相關新聞 | HKCERT

New Microsoft Exchange credential stealing malware could be worse than phishing

Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service (IIS) web server software that it said is designed to harvest credentials from Outlook Web Access (OWA), the webmail client for Exchange and Office 365...

TechRepublic 2021年12月15日 424 觀看次數

Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

PWC report shows long list of missed opportunities to shut out extortion crims Ireland's Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy's damning report has revealed....

The Register 2021年12月11日 475 觀看次數

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”

Threatpost 2021年12月11日 437 觀看次數

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.

Threatpost 2021年12月09日 399 觀看次數

With 18,378 vulnerabilities reported in 2021, NIST records fifth straight year of record numbers

A record 18,378 vulnerabilities were reported in 2021 but the number of high severity vulnerabilities was lower than 2020.

ZDnet 2021年12月09日 341 觀看次數

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

Experts spotted a series of malvertising campaigns using fake installers of popular apps and games to deliver a backdoor and a malicious Chrome extension.

Security Affairs 2021年12月07日 414 觀看次數

FBI: Cuba ransomware group hit 49 critical infrastructure organizations

The FBI claimed the group has made at least $43.9 million in ransom payments.

ZDnet 2021年12月04日 412 觀看次數

Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. <!--...

The Hacker News 2021年12月04日 461 觀看次數

New malware hides as legit nginx process on e-commerce servers

eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions.

Bleeping Computer 2021年12月03日 541 觀看次數

Nine WiFi routers used by millions were vulnerable to 226 flaws

Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware.

Bleeping Computer 2021年12月03日 463 觀看次數