相關新聞 | HKCERT

Windows SmartScreen flaw exploited to drop Phemedrone malware

A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [...]

Bleepingcomputer 2024年01月16日 566 觀看次數

CISA: Critical Microsoft SharePoint bug now actively exploited

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.

Bleeping Computer 2024年01月15日 494 觀看次數

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.

The Hacker News 2024年01月15日 766 觀看次數

Framework discloses data breach after accountant gets phished

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. [...]

Bleepingcomputer 2024年01月12日 738 觀看次數

Cisco says critical Unity Connection bug lets attackers get root

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.

Bleeping Computer 2024年01月11日 471 觀看次數

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.

Bleeping Computer 2024年01月11日 612 觀看次數

Apache OFBiz zero-day pummeled by exploit attempts after disclosure

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. [...]

The Register 2024年01月09日 600 觀看次數

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.

Bleeping Computer 2024年01月08日 557 觀看次數

X users fed up with constant stream of malicious crypto ads

Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.

Bleeping Computer 2024年01月08日 513 觀看次數

Hackers hijack govt and business accounts on X for crypto scams

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. [...]

Bleepingcomputer 2024年01月05日 527 觀看次數