相關新聞
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...]
Bleepingcomputer
2024年10月17日 311 觀看次數
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Meta knows messaging service creates persistent user IDs that have different qualities on each device Updated An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the number of linked...
The Register
2024年10月17日 370 觀看次數
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles. [...]
Bleepingcomputer
2024年10月16日 485 觀看次數
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]
Bleepingcomputer
2024年10月15日 418 觀看次數
Google warns uBlock Origin and other extensions may be disabled soon
Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. [...]
Bleepingcomputer
2024年10月14日 299 觀看次數
Iranian hackers now exploit Windows flaw to elevate privileges
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. [...]
Bleepingcomputer
2024年10月13日 281 觀看次數
OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. [...]
Bleepingcomputer
2024年10月12日 358 觀看次數
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages.
Bleeping Computer
2024年10月09日 623 觀看次數
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The Hacker News
2024年10月09日 378 觀看次數
Big brands among thousands infected by payment-card-stealing CosmicSting crooks
Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says
Updated Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of...
The Register
2024年10月05日 401 觀看次數
