相關新聞 | HKCERT

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. [...]

Bleepingcomputer 2023年12月29日 477 觀看次數

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoors on a "limited number" of devices. [...]

The Hacker News 2023年12月27日 551 觀看次數

GitHub warns users to enable 2FA before upcoming deadline

GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts. [...]

Bleepingcomputer 2023年12月27日 498 觀看次數

New Xamalicious Android malware installed 330k times on Google Play

A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. [...]

Bleepingcomputer 2023年12月27日 732 觀看次數

Ubuntu Security Updates Fixed Vim Vulnerabilities

The vulnerabilities range from denial of service risks to arbitrary code execution possibilities. It emphasizes the importance of regularly updating Vim and applying security patches to mitigate these risks.

Cyware News 2023年12月27日 422 觀看次數

Video Game Giant Ubisoft Investigates Reports of a Data Breach

On December 20, an unknown threat actor had access to Ubisoft's infrastructure for 48 hours. The attackers attempted to steal user data from the game R6 Siege but were unsuccessful.

Cyware News 2023年12月26日 348 觀看次數

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy.

The Hacker News 2023年12月22日 873 觀看次數

Crypto drainer steals $59 million from 63k people in Twitter ad push

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.

Bleeping Computer 2023年12月22日 548 觀看次數

Fake F5 BIG-IP zero-day warning emails push data wipers

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [...]

Bleepingcomputer 2023年12月21日 554 觀看次數

New phishing attack steals your Instagram backup codes to bypass 2FA

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [...]

Bleepingcomputer 2023年12月21日 861 觀看次數