相關新聞 | HKCERT

Stealthy KV-botnet hijacks SOHO routers and VPN devices

The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. [...]

Bleepingcomputer 2023年12月14日 539 觀看次數

Avira antivirus causes Windows computers to freeze after boot

Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software. [...]

Bleepingcomputer 2023年12月13日 537 觀看次數

Sophos backports RCE fix after attacks on unsupported firewalls

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. [...]

Bleepingcomputer 2023年12月13日 604 觀看次數

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. [...]

Bleepingcomputer 2023年12月12日 577 觀看次數

Apple emergency updates fix recent zero-days on older iPhones

Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. [...]

Bleepingcomputer 2023年12月12日 651 觀看次數

Google Play Movies gets a new shutdown date: January 17

Purchased content will be scattered across a confusing array of apps and OSes.

Ars Technica 2023年12月12日 727 觀看次數

Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. [...

Bleepingcomputer 2023年12月10日 472 觀看次數

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.

The Hacker News 2023年12月08日 607 觀看次數

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.

Bleeping Computer 2023年12月08日 538 觀看次數

Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature

Even the most severe security protections for mobile phones aren't all-encompassing or foolproof, as a tactic involving a spoof of lockdown mode shows.

Dark Reading 2023年12月06日 858 觀看次數