相關新聞 | HKCERT

VMware discloses critical VCD Appliance auth bypass with no patch

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.

Bleeping Computer 2023年11月15日 157 觀看次數

CISA warns of actively exploited Juniper pre-auth RCE exploit chain

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain. [...]

Bleepingcomputer 2023年11月14日 153 觀看次數

Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers

A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. [...]

The Hacker News 2023年11月11日 146 觀看次數

Cloudflare website downed by DDoS attack claimed by Anonymous Sudan

Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website. [...]

Bleepingcomputer 2023年11月10日 96 觀看次數

MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks

The Clop ransomware group is actively exploiting a SysAid zero-day flaw after running rampant through enterprise systems using MOVEit file transfer bug.

Dark Reading 2023年11月10日 165 觀看次數

Treasury Markets Disrupted by ICBC Ransomware Attack

The US Treasury states that it is in contact with financial regulators as it monitors the breach.

Dark Reading 2023年11月10日 96 觀看次數

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems.

The Hacker News 2023年11月09日 193 觀看次數

October 2023’s Most Wanted Malware: NJRat Jumps to Second Place while AgentTesla Spreads through new File Sharing Mal-Spam Campaign

Check Point Research reported that NJRat climbed four places into second spot last month. Meanwhile a new mal-spam campaign was discovered involving AgentTesla, the sixth most used malware, being delivered via corrupted file attachments

Check Point 2023年11月09日 161 觀看次數

Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation

Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges.

The Hacker News 2023年11月09日 114 觀看次數

Fake Ledger Live app in Microsoft Store steals $768,000 in crypto

Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. [...]

Bleepingcomputer 2023年11月08日 80 觀看次數