相關新聞 | HKCERT

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]

Bleepingcomputer 2024年03月10日 177 觀看次數

Canva Warns of Three Security Vulnerabilities in Fonts

The first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression.

Cyware News 2024年03月09日 145 觀看次數

AnyCubic fixes exploited 3D printer zero day flaw with new firmware

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [...]

Bleepingcomputer 2024年03月08日 197 觀看次數

Switzerland: Play ransomware leaked 65,000 government documents

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. [...]

Bleepingcomputer 2024年03月08日 198 觀看次數

We're not Meta support: State AGs tell Zuck to fix rampant account takeover problem

'We refuse to operate as customer service representatives' A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out how to reduce a "dramatic...

The Register 2024年03月08日 224 觀看次數

Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix

Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. [...]

Bleepingcomputer 2024年03月08日 175 觀看次數

Hacked WordPress sites use visitors' browsers to hack other sites

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites.

Bleeping Computer 2024年03月07日 252 觀看次數

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system.

Bleeping Computer 2024年03月07日 197 觀看次數

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. [...]

Bleepingcomputer 2024年03月06日 191 觀看次數

American Express admits card data exposed and blames third party

Don't leave home without … IT security A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.…

The Register 2024年03月05日 196 觀看次數