相關新聞 | HKCERT

Joomla XSS Bugs Open Millions of Websites to RCE

Improper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.

Dark Reading 2024年02月21日 465 觀看次數

Musk claims Neuralink patient doing OK with implant, can move mouse with brain

Medical ethicists alarmed by Musk being "sole source of information" on patient.

Ars Technica 2024年02月21日 323 觀看次數

Signal rolls out usernames that let you hide your phone number

End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. [...]

Bleepingcomputer 2024年02月21日 509 觀看次數

Over 28,500 Exchange servers vulnerable to actively exploited bug

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. [...]

Bleepingcomputer 2024年02月20日 524 觀看次數

Anatsa Android malware downloaded 150,000 times via Google Play

The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. [...]

Bleepingcomputer 2024年02月19日 489 觀看次數

OpenAI collapses media reality with Sora, a photorealistic AI video generator

On Thursday, OpenAI announced Sora, a text-to-video AI model that can generate 60-second-long photorealistic HD video from written descriptions. While it's only a research preview that we have not tested, it reportedly creates synthetic video (...

Ars Technica 2024年02月17日 401 觀看次數

SolarWinds fixes critical RCE bugs in access rights audit solution

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation. [...]

Bleepingcomputer 2024年02月17日 515 觀看次數

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.

Bleeping Computer 2024年02月16日 526 觀看次數

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.

Bleeping Computer 2024年02月16日 495 觀看次數

GoldPickaxe Trojan Uses Biometric Data and Deepfake Tech to Scam Banks

The trojan captures facial biometric data to create deepfake videos for bypassing banking logins, demonstrating a high level of sophistication and operational maturity by the cybercriminal group GoldFactory.[...]

Cyware News 2024年02月15日 558 觀看次數