相關新聞 | HKCERT

Atlassian fixes critical Confluence hardcoded credentials flaw

Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers.

Bleepingcomputer 2022年07月25日 119 觀看次數

Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause'

Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change.

Thehackernews 2022年07月25日 108 觀看次數

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products.

Thehackernews 2022年07月25日 111 觀看次數

Convincing ‘YouTube’ Google ads lead to Windows support scams

A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender.

Bleepingcomputer 2022年07月21日 106 觀看次數

New Luna ransomware encrypts Windows, Linux, and ESXi systems

A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.

Bleepingcomputer 2022年07月21日 128 觀看次數

Botnet malware disguises itself as password cracker for industrial controllers

Can't get into that machine? No problem, just trust this completely sketchy looking tool Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems.…

The Register 2022年07月19日 120 觀看次數

Password recovery tool infects industrial systems with Sality malware

A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs).

Bleepingcomputer 2022年07月18日 125 觀看次數

PayPal phishing kit added to hacked WordPress sites for full ID theft

A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. [...]

Bleepingcomputer 2022年07月15日 118 觀看次數

New Lilith ransomware emerges with extortion site, lists first victim

A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks. [...]

Bleepingcomputer 2022年07月14日 103 觀看次數

New UEFI firmware flaws impact over 70 Lenovo laptop models

The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. [...]

Bleepingcomputer 2022年07月14日 104 觀看次數