相關新聞 | HKCERT

CISA: Critical Microsoft SharePoint bug now actively exploited

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.

Bleeping Computer 2024年01月15日 208 觀看次數

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.

The Hacker News 2024年01月15日 318 觀看次數

Framework discloses data breach after accountant gets phished

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. [...]

Bleepingcomputer 2024年01月12日 385 觀看次數

Cisco says critical Unity Connection bug lets attackers get root

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.

Bleeping Computer 2024年01月11日 196 觀看次數

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.

Bleeping Computer 2024年01月11日 215 觀看次數

Apache OFBiz zero-day pummeled by exploit attempts after disclosure

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. [...]

The Register 2024年01月09日 222 觀看次數

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.

Bleeping Computer 2024年01月08日 213 觀看次數

X users fed up with constant stream of malicious crypto ads

Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.

Bleeping Computer 2024年01月08日 198 觀看次數

Hackers hijack govt and business accounts on X for crypto scams

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. [...]

Bleepingcomputer 2024年01月05日 214 觀看次數

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. [...]

Bleepingcomputer 2024年01月05日 200 觀看次數