相關新聞 | HKCERT

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.

Bleeping Computer 2024年06月19日 413 觀看次數

Google warns of actively exploited Pixel firmware zero-day

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [...]

Bleepingcomputer 2024年06月13日 834 觀看次數

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. [...]

The Hacker News 2024年06月13日 598 觀看次數

Phishing emails abuse Windows search protocol to push malicious scripts

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [...]

Bleepingcomputer 2024年06月13日 572 觀看次數

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions...

The Hacker News 2024年06月11日 513 觀看次數

Netgear WNR614 flaws allow device takeover, no fix available

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [...]

Bleepingcomputer 2024年06月11日 491 觀看次數

New Warmcookie Windows backdoor pushed via fake job offers

A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. [...]

Bleepingcomputer 2024年06月11日 294 觀看次數

Exploit for critical Veeam auth bypass available, patch now

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. [...]

Bleepingcomputer 2024年06月10日 355 觀看次數

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [...]

Bleepingcomputer 2024年06月06日 648 觀看次數

New V3B phishing kit targets customers of 54 European banks

Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. [......

Bleepingcomputer 2024年06月05日 694 觀看次數