相關新聞 | HKCERT

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

Threatpost 2022年01月27日 204 觀看次數

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

Threatpost 2022年01月27日 205 觀看次數

Attackers now actively targeting critical SonicWall RCE bug

A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts.

ZDnet 2022年01月26日 192 觀看次數

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...

ZDnet 2022年01月26日 187 觀看次數

Trellix finds OneDrive malware targeting government officials in Western Asia

Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix.

ZDnet 2022年01月26日 211 觀看次數

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Threatpost 2022年01月25日 192 觀看次數

Log4j: Mirai botnet found targeting ZyXEL networking devices

A report explained that the Log4j vulnerability is being used to "infect and assist in the proliferation of malware used by the Mirai botnet."

ZDnet 2022年01月25日 225 觀看次數

FBI warns of malicious QR codes used to steal your money

The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.

BleepingComputer 2022年01月24日 310 觀看次數

Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams

Misconfiguration provides the perfect opportunity for token-based theft.

ZDnet 2022年01月24日 182 觀看次數

Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.

Threatpost 2022年01月20日 181 觀看次數