相關新聞 | HKCERT

Extracting Encrypted Credentials From Common Tools

Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.

Dark Reading 2022年12月30日 308 觀看次數

What is a Gmail app password and how do you create one?

If third-party apps need to connect to your Gmail account, your regular Google account password may not be enough. Find out how to use the App Passwords feature and why.

ZDnet 2022年12月30日 1273 觀看次數

Hackers abuse Google Ads to spread malware in legit software

Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products.

Bleepingcomputer 2022年12月29日 259 觀看次數

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS...

The Hacker News 2022年12月29日 467 觀看次數

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk...

The Hacker News 2022年12月27日 341 觀看次數

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related...

The Hacker News 2022年12月26日 320 觀看次數

Back to work, Linux admins: You have a CVSS 10 kernel bug to address

Also, script kiddies are coming for your gift cards, and Meta's Cambridge Analytica pathetic payout Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated...

The Register 2022年12月24日 353 觀看次數

New info-stealer malware infects software pirates via fake cracks sites

A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service. [...]

Bleepingcomputer 2022年12月24日 365 觀看次數

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. [...]

Bleepingcomputer 2022年12月23日 235 觀看次數

DuckDuckGo now blocks Google sign-in pop-ups on all sites

DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users. [...]

Bleepingcomputer 2022年12月23日 236 觀看次數