相關新聞 | HKCERT

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. [...]

Bleepingcomputer 2025年03月27日 9 觀看次數

Browser-in-the-Browser attacks target CS2 players' Steam accounts

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. [...]

Bleepingcomputer 2025年03月25日 7 觀看次數

FBI warnings are true—fake file converters do push malware

The FBI is warning that fake online document converters are being used to steal people's information and, in worst-case scenarios, lead to ransomware attacks. [...]

Bleepingcomputer 2025年03月23日 35 觀看次數

UK urges critical orgs to adopt quantum cryptography by 2035

The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035.

Bleeping Computer 2025年03月21日 34 觀看次數

WhatsApp patched zero-click flaw exploited in Paragon spyware attacks

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab. [...]

Bleepingcomputer 2025年03月20日 36 觀看次數

Malicious Android 'Vapor' apps on Google Play installed 60 million times

Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information.

Bleeping Computer 2025年03月19日 36 觀看次數

New Windows zero-day exploited by 11 state hacking groups since 2017

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.

Bleeping Computer 2025年03月19日 57 觀看次數

Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware

Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.

TechRepublic 2025年03月18日 34 觀看次數

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. [...]

Bleepingcomputer 2025年03月16日 70 觀看次數

ClickFix: How to Infect Your PC in Three Easy Steps

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft...

Krebs on Security 2025年03月15日 66 觀看次數