相關新聞 | HKCERT

Researchers Found a Zero-Click Facebook Account Takeover

The critical vulnerability in Facebook's password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user's account.

Cyware News 2024年03月02日 111 觀看次數

Taiwan's Biggest Telco Breached by Suspected Chinese Hackers

Stolen data from Chunghwa Telecom — including government-related details — are up for sale on the Dark Web, the Taiwanese defense ministry confirms.

Dark Reading 2024年03月02日 175 觀看次數

Anycubic 3D Printers Hacked Worldwide to Expose Security Flaw

The hackers have urged Anycubic to open-source their 3D printers due to software deficiencies and have warned affected customers to disconnect their printers from the Internet until the security issue is patched.

Cyware News 2024年03月01日 142 觀看次數

Chinese APT Developing Exploits to Defeat Already Patched Ivanti Users

More bad news for Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors.

Dark Reading 2024年03月01日 121 觀看次數

Anycubic 3D printers hacked worldwide to expose security flaw

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. [...]

Bleepingcomputer 2024年02月29日 131 觀看次數

LockBit ransomware returns to attacks with new encryptors, servers

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. [...]

Bleepingcomputer 2024年02月29日 129 觀看次數

Malicious AI models on Hugging Face backdoor users’ machines

At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. [...]

Bleepingcomputer 2024年02月29日 134 觀看次數

Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks

The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.

Bleeping Computer 2024年02月28日 130 觀看次數

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.

The Hacker News 2024年02月28日 176 觀看次數

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation

More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least...

The Hacker News 2024年02月26日 172 觀看次數