相關新聞 | HKCERT

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. [...]

Bleepingcomputer 2024年01月05日 513 觀看次數

Cyberattackers Target Nuclear Waste Company via LinkedIn

The hackers were unsuccessful in their attempt, but this is not the first time the company has experienced this kind of attack.

Dark Reading 2024年01月03日 680 觀看次數

Google Settles Lawsuit Over Tracking 'Incognito Mode' Chrome Users

Google tracked privacy-conscious Internet users, and now it's paying for it.

Dark Reading 2024年01月03日 597 觀看次數

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. [...]

The Hacker News 2024年01月03日 583 觀看次數

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. [...]

Bleepingcomputer 2024年01月03日 575 觀看次數

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages...

The Hacker News 2024年01月01日 562 觀看次數

Android game dev’s Google Drive misconfig highlights cloud security risks

Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. [...]

Bleepingcomputer 2023年12月31日 666 觀看次數

New Black Basta decryptor exploits ransomware flaw to recover files

Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. [...]

Bleepingcomputer 2023年12月30日 488 觀看次數

EasyPark discloses data breach that may impact millions of users

Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. [...]

Bleepingcomputer 2023年12月29日 472 觀看次數

Game mod on Steam breached to push password-stealing malware

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. [...]

Bleepingcomputer 2023年12月29日 388 觀看次數