相關新聞 | HKCERT

Sitting comfortably? Then it's probably time to patch, as critical flaw uncovered in npm's netmask package

Are you local? Catastrophically local? The widely used npm library netmask has a networking vulnerability arising from how it parses IP addresses with a leading zero, leaving an estimated 278 million projects at risk.…

The Register 2021年03月30日 463 觀看次數

PHP Infiltrated with Backdoor Malware

The server for the web-application scripting language was compromised on Sunday.

Threatpost 2021年03月29日 264 觀看次數

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under...

The Hacker News 2021年03月27日 251 觀看次數

Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix

Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.

Threatpost 2021年03月17日 482 觀看次數

Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices.

Threatpost 2021年03月17日 344 觀看次數

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, ...

Krebs on Security 2021年03月02日 504 觀看次數

Malware Loader Abuses Google SEO to Expand Payload Delivery

Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.

Threatpost 2021年03月02日 298 觀看次數

Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11

The threat actors stole data and used Clop's leaks site to demand money in an extortion scheme, though no ransomware was deployed.

Threatpost 2021年02月23日 457 觀看次數

Brave browser leaks onion addresses in DNS traffic

The Tor mode included with the Brave web browser allows users to access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.

ZDNet 2021年02月22日 297 觀看次數

New Malware Found On 30,000 Macs Has Security Pros Stumped

Packet Storm 2021年02月22日 301 觀看次數