相關新聞 | HKCERT

ClickFix attack delivers infostealers, RATs in fake Booking.com emails

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]

Bleepingcomputer 2025年03月13日 15 觀看次數

Apple patches 0-day exploited in “extremely sophisticated attack”

-day exploited by maliciously crafted Web content to break out of security sandbox.

Ars Technica 2025年03月12日 29 觀看次數

The Badbox botnet is back, powered by up to a million backdoored Androids

Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as...

The Register 2025年03月08日 30 觀看次數

'EncryptHub' OPSEC Failures Reveal TTPs & Big Plans

Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur?

Dark Reading 2025年03月07日 84 觀看次數

Microsoft says malvertising campaign impacted 1 million PCs

Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. [...]

Bleepingcomputer 2025年03月07日 50 觀看次數

Open-source tool 'Rayhunter' helps users detect Stingray attacks

The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays. [...]

Bleepingcomputer 2025年03月06日 48 觀看次數

Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware

New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.

Bleeping Computer 2025年03月05日 32 觀看次數

YouTube warns of AI-generated video of its CEO used in phishing attacks

YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. [...]

Bleepingcomputer 2025年03月05日 35 觀看次數

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint

A complex campaign allows cyberattackers to take over Windows systems by a combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services.

Dark Reading 2025年03月04日 57 觀看次數

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, ...

The Hacker News 2025年02月28日 43 觀看次數