相關新聞 | HKCERT

Passport info and healthcare data leaked from Indonesia's COVID-19 test-and-trace app for travelers

About 1.3 million people had their sensitive personal data, COVID-19 test results and more exposed on an open server.

ZDnet 2021年08月31日 202 觀看次數

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools...

The Hacker News 2021年08月29日 291 觀看次數

Azure Cosmos DB alert: This critical vulnerability puts users at risk

Cosmos DB is in serious trouble thanks to ChaosDB, a critical vulnerability in the Azure cloud database. It enables anyone to take remote control of your databases. Fortunately, there is a fix.

ZDnet 2021年08月28日 200 觀看次數

Cloudflare says it stopped the largest DDoS attack ever reported

Cloudflare's system detected and mitigated a 17.2 million request-per-second DDoS attack, which they said is three times larger than any previous one.

ZDnet 2021年08月28日 226 觀看次數

Ragnarok ransomware releases master decryptor after shutdown

Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

Bleeping Computer 2021年08月27日 284 觀看次數

Synology: Multiple products impacted by OpenSSL RCE vulnerability

Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products.

Bleeping Computer 2021年08月27日 273 觀看次數

Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit

Researchers warn of Dark.IoT's rapidly evolving nasty A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research.…

The Register 2021年08月26日 351 觀看次數

ProxyLogon flaw, evil emails, SQL injections used to open backdoors on Windows boxes

Multi-use toolkit deployed on victims' networks across Asia, North America ESET and TrendMicro have identified a novel and sophisticated backdoor tool that miscreants have slipped onto compromised Windows computers in companies mostly in Asia but also in North America.…

The Register 2021年08月26日 282 觀看次數

Win10 Admin Rights Tossed Off by Yet Another Plug-In

Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.

Threatpost 2021年08月26日 231 觀看次數

Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs

Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.

Threatpost 2021年08月24日 267 觀看次數