相關新聞 | HKCERT

Premium WPLMS WordPress plugins address seven critical flaws

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. [...]

Bleepingcomputer 2024年12月24日 478 觀看次數

Google Chrome uses AI to analyze pages in new scam detection feature

Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. [...]

Bleepingcomputer 2024年12月21日 496 觀看次數

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing. [...]

Dark Reading 2024年12月21日 782 觀看次數

HubSpot phishing targets 20,000 Microsoft Azure accounts

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials.

Bleeping Computer 2024年12月19日 510 觀看次數

Ongoing phishing attack abuses Google Calendar to bypass spam filters

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters.

Bleeping Computer 2024年12月19日 349 觀看次數

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept (PoC) code.…

The Register 2024年12月18日 262 觀看次數

New fake Ledger data breach emails try to steal crypto wallets

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...]

Bleepingcomputer 2024年12月18日 363 觀看次數

Does Desktop AI Come With a Side of Risk?

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

Dark Reading 2024年12月17日 322 觀看次數

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. [...]

Bleepingcomputer 2024年12月17日 295 觀看次數

Malicious ads push Lumma infostealer via fake CAPTCHA pages

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. [...]

Bleepingcomputer 2024年12月17日 303 觀看次數