相關新聞 | HKCERT

Recently patched CUPS flaw can be used to amplify DDoS attacks

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]

Bleepingcomputer 2024年10月04日 507 觀看次數

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. [...]

Ars Technica 2024年10月03日 285 觀看次數

Fake browser updates spread updated WarmCookie malware

A new 'FakeUpdate' campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware. [...]

Bleepingcomputer 2024年10月03日 377 觀看次數

FIN7 hackers launch deepfake nude “generator” sites to spread malware

The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]

Bleepingcomputer 2024年10月03日 402 觀看次數

Cyberattackers Use HR Targets to Lay More_Eggs Backdoor

The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.

Dark Reading 2024年10月02日 385 觀看次數

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.

Bleeping Computer 2024年09月30日 403 觀看次數

Critical Ivanti vTM auth bypass bug now exploited in attacks

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. [...]

Bleepingcomputer 2024年09月25日 456 觀看次數

Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.

Cyware News 2024年09月21日 311 觀看次數

CISA warns of actively exploited Apache HugeGraph-Server bug

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. [...]

Bleepingcomputer 2024年09月20日 408 觀看次數

GitLab Warns of Max Severity Authentication Bypass Bug

Company urges organizations using self-hosting GitLab instances to apply updates for CVE-2024-45409 as soon as possible. [...]

Dark Reading 2024年09月20日 394 觀看次數