相關新聞 | HKCERT

Privacy Anxiety Pushes Microsoft Recall AI Release Again

The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.

Dark Reading 2024年11月02日 282 觀看次數

Synology hurries out patches for zero-days exploited at Pwn2Own

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]

Bleepingcomputer 2024年11月02日 290 觀看次數

Hackers target critical zero-day vulnerability in PTZ cameras

Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings.

Bleeping Computer 2024年11月01日 313 觀看次數

Over a thousand online shops hacked to show fake product listings

A phishing campaign dubbed 'Phish n' Ships' has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items.

Bleeping Computer 2024年11月01日 289 觀看次數

QNAP patches second zero-day exploited at Pwn2Own to get root

QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]

Bleepingcomputer 2024年10月31日 462 觀看次數

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline.

Bleeping Computer 2024年10月30日 299 觀看次數

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft.

The Hacker News 2024年10月30日 297 觀看次數

Mozilla: ChatGPT Can Be Manipulated Using Hex Code

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

Dark Reading 2024年10月29日 362 觀看次數

Fog ransomware targets SonicWall VPNs to breach corporate networks

Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls. [...]

Bleepingcomputer 2024年10月28日 442 觀看次數

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a...

The Hacker News 2024年10月28日 264 觀看次數