相關新聞 | HKCERT

Latest Intel CPUs impacted by new Indirector side-channel attack

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. [...

Bleepingcomputer 2024年07月02日 104 觀看次數

A new MOVEit vulnerability is igniting hacking attempts. Companies should patch ASAP

MOVEit, a popular file transfer platform used by thousands of companies and government entities, is once again in the news for all the wrong reasons. [...]

ZDnet 2024年06月28日 164 觀看次數

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. [...]

Bleepingcomputer 2024年06月27日 107 觀看次數

LockBit lied: Stolen data is from a bank, not US Federal Reserve

Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. [...]

Bleepingcomputer 2024年06月27日 257 觀看次數

Polyfill.io JavaScript supply chain attack impacts over 100K sites

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.

Bleeping Computer 2024年06月26日 189 觀看次數

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

Malicious updates available from WordPress.org create attacker-controlled admin account.

Ars Technica 2024年06月25日 164 觀看次數

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details. [...]

Bleepingcomputer 2024年06月23日 139 觀看次數

Warning: New Adware Campaign Targets Meta Quest App Seekers

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. [...]

The Hacker News 2024年06月22日 133 觀看次數

ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments.

Bleeping Computer 2024年06月19日 227 觀看次數

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.

Bleeping Computer 2024年06月19日 105 觀看次數