相關新聞 | HKCERT

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

Malicious updates available from WordPress.org create attacker-controlled admin account.

Ars Technica 2024年06月25日 190 觀看次數

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details. [...]

Bleepingcomputer 2024年06月23日 152 觀看次數

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. [...]

The Hacker News 2024年06月22日 142 觀看次數

ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments.

Bleeping Computer 2024年06月19日 256 觀看次數

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.

Bleeping Computer 2024年06月19日 113 觀看次數

Google warns of actively exploited Pixel firmware zero-day

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [...]

Bleepingcomputer 2024年06月13日 323 觀看次數

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. [...]

The Hacker News 2024年06月13日 164 觀看次數

Phishing emails abuse Windows search protocol to push malicious scripts

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [...]

Bleepingcomputer 2024年06月13日 188 觀看次數

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions...

The Hacker News 2024年06月11日 149 觀看次數

Netgear WNR614 flaws allow device takeover, no fix available

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [...]

Bleepingcomputer 2024年06月11日 81 觀看次數