相關新聞 | HKCERT

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (...

The Hacker News 2023年11月23日 276 觀看次數

N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack. "This malicious file is a legitimate CyberLink application...

The Hacker News 2023年11月23日 268 觀看次數

“ChatGPT with voice” opens up to everyone on iOS and Android

All Android and iOS users can soon tap a headphone icon and start chatting.

Ars Technica 2023年11月23日 221 觀看次數

Citrix warns admins to kill NetScaler user sessions to block hackers

Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. [...]

Bleepingcomputer 2023年11月22日 233 觀看次數

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm...

The Hacker News 2023年11月22日 226 觀看次數

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead.

The Hacker News 2023年11月20日 292 觀看次數

Exploit for CrushFTP RCE chain released, patch now

A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.

Bleeping Computer 2023年11月20日 254 觀看次數

【香肉騙案】騙徒借賣「香肉」誘載毒app　9月至今騙逾114萬元

近日有專頁發帖聲稱出售「香肉」，附圖配以卡通狗隻圖案，惹來各界質疑出售狗肉及批評。警方接獲漁農自然護理...

Cyware News 2023年11月20日 185 觀看次數

Microsoft confirms Copilot AI assistant coming to Windows 10

Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months. [...]

Bleepingcomputer 2023年11月17日 261 觀看次數

MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet

MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. [...]

Bleepingcomputer 2023年11月17日 264 觀看次數