相關新聞 | HKCERT

Hackers exploit Four-Faith router flaw to open reverse shells

Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers.

Bleeping Computer 2024年12月31日 67 觀看次數

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and...

The Hacker News 2024年12月30日 46 觀看次數

It's only a matter of time before LLMs jump start supply-chain attacks

'The greatest concern is with spear phishing and social engineering' Interview Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - ...

The Register 2024年12月30日 29 觀看次數

Premium WPLMS WordPress plugins address seven critical flaws

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. [...]

Bleepingcomputer 2024年12月24日 93 觀看次數

Google Chrome uses AI to analyze pages in new scam detection feature

Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. [...]

Bleepingcomputer 2024年12月21日 51 觀看次數

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing. [...]

Dark Reading 2024年12月21日 39 觀看次數

HubSpot phishing targets 20,000 Microsoft Azure accounts

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials.

Bleeping Computer 2024年12月19日 72 觀看次數

Ongoing phishing attack abuses Google Calendar to bypass spam filters

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters.

Bleeping Computer 2024年12月19日 35 觀看次數

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept (PoC) code.…

The Register 2024年12月18日 28 觀看次數

New fake Ledger data breach emails try to steal crypto wallets

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...]

Bleepingcomputer 2024年12月18日 32 觀看次數