相關新聞 | HKCERT

WordPress Plugin Bug Lets Subscribers Wipe Sites

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.

Threatpost 2021年10月28日 253 觀看次數

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations (...

Microsoft 2021年10月26日 246 觀看次數

Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls

Only for one-to-one voice and video, mind Microsoft has finally kicked off the rollout of end-to-end-encryption (E2EE) in its Teams collaboration platform with a public preview of E2EE for one-to-one calls.…

The Register 2021年10月23日 353 觀看次數

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks

The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the...

The Hacker News 2021年10月23日 222 觀看次數

Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The...

The Hacker News 2021年10月23日 205 觀看次數

WinRAR’s vulnerable trialware: when free software isn’t free

PT SWARM 2021年10月22日 214 觀看次數

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.

Threatpost 2021年10月21日 221 觀看次數

83% of ransomware victims paid ransom: Survey

A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.

ZDNet 2021年10月20日 361 觀看次數

Google Finally Strips File Transfer Protocol Code From Chrome Browser

Packet Storm 2021年10月20日 387 觀看次數

Acer hit with second cyberattack in less than a week, Taiwanese authorities notified

The same hacker group claimed responsibility for an attack on the company's offices in Taiwan.

ZDnet 2021年10月19日 241 觀看次數