相關新聞 | HKCERT

Researchers Report Critical RCE Vulnerability in Google's VirusTotal Platform

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities...

The Hacker News 2022年04月26日 258 觀看次數

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections.

The Hacker News 2022年04月25日 168 觀看次數

Hackers Are Exploiting Zero Days More Than Ever

Packet Storm 2022年04月25日 244 觀看次數

Docker servers hacked in ongoing cryptomining malware campaign

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. [...]

Bleepingcomputer 2022年04月22日 165 觀看次數

QNAP asks users to mitigate critical Apache HTTP Server bugs

QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices. [...]

Bleepingcomputer 2022年04月22日 223 觀看次數

Google: 2021 was a Banner Year for Exploited 0-Day Bugs

Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time the team of security researchers has been keeping...

Thehackernews 2022年04月21日 154 觀看次數

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.

Thehackernews 2022年04月21日 196 觀看次數

Most Email Security Approaches Fail to Block Common Threats

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.

Thehackernews 2022年04月21日 141 觀看次數

Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers

Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$ extortionist gang.

Thehackernews 2022年04月21日 170 觀看次數

Kaspersky cracks Yanluowang ransomware, offers free decryptor

Step one, get some scrambled files back. Steps two through 37... Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.…

The Register 2022年04月20日 210 觀看次數