相關新聞 | HKCERT

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions. [...]

Bleepingcomputer 2022年06月13日 309 觀看次數

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages...

The Hacker News 2022年06月11日 366 觀看次數

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth...

The Hacker News 2022年06月10日 231 觀看次數

Qbot malware now uses Windows MSDT zero-day in phishing attacks

A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware.

Bleepingcomputer 2022年06月09日 507 觀看次數

Critical PHP flaw exposes QNAP NAS devices to RCE attacks

QNAP has warned customers today that some of its Network Attached Storage (NAS) devices (with non-default configurations) are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. [...]

Bleepingcomputer 2022年06月08日 255 觀看次數

MEGA fixes critical flaws that allowed the decryption of user data

MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form. [...]

Bleepingcomputer 2022年06月08日 198 觀看次數

New SVCReady malware loads from Word doc properties

A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. [...]

Bleepingcomputer 2022年06月08日 348 觀看次數

New ‘DogWalk’ Windows zero-day bug gets free unofficial patches

Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. [...]

Bleepingcomputer 2022年06月08日 349 觀看次數

Mandiant: “No evidence” we were hacked by LockBit ransomware

American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. [...]

Bleepingcomputer 2022年06月07日 305 觀看次數

Microsoft's new 'autopatch' service for Windows PC just took another step forwards

Microsoft has rolled out the public preview of Windows Autopatch, potentially a much easier way for admins to handle Patch Tuesday. [...]

ZDNet 2022年06月07日 267 觀看次數