相關新聞 | HKCERT

Exploit released for Atlassian Confluence RCE bug, patch now

Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. [...]

Bleepingcomputer 2022年06月06日 319 觀看次數

Evasive phishing mixes reverse tunnels and URL shortening services

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. [...]

Bleepingcomputer 2022年06月05日 359 觀看次數

FluBot Android Spyware Taken Down in Global Law Enforcement Operation

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot.

The Hacker News 2022年06月02日 280 觀看次數

Hundreds of Elasticsearch databases targeted in ransom attacks

Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000.

Bleeping Computer 2022年06月02日 299 觀看次數

New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim.

The Hacker News 2022年06月02日 293 觀看次數

New Windows Search zero-day added to Microsoft protocol nightmare

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

Bleeping Computer 2022年06月02日 278 觀看次數

Hackers steal WhatsApp accounts using call forwarding trick

There’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and contact list.

Bleeping Computer 2022年06月01日 344 觀看次數

Over 3.6 million MySQL servers found exposed on the Internet

Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists. [...]

Bleepingcomputer 2022年06月01日 247 觀看次數

New Microsoft Office zero-day used in attacks to execute PowerShell

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.

Bleepingcomputer 2022年05月31日 293 觀看次數

New XLoader botnet uses probability theory to hide its servers

Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...]

Bleepingcomputer 2022年05月31日 294 觀看次數