相關新聞 | HKCERT

VMware warns admins of public exploit for vRealize RCE flaw

VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). [...]

Bleepingcomputer 2023年10月24日 220 觀看次數

23AndMe Hacker Leaks New Tranche of Stolen Data

Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.

Dark Reading 2023年10月20日 251 觀看次數

BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks

The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. [...]

Bleepingcomputer 2023年10月20日 203 觀看次數

E-Root admin faces 20 years for selling stolen RDP, SSH accounts

Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty of 20 years for selling access to compromised computers. [...]

Bleepingcomputer 2023年10月20日 216 觀看次數

Hackers Exploit QR Codes with QRLJacking for Malware Distribution

Quishing involves circulating QR codes embedded with malicious links or malware downloads, while QRLJacking exploits the login with QR code feature to trick users into logging into fake websites and steal their sensitive data.

Cyware News 2023年10月20日 139 觀看次數

Malvertisers Using Google Ads to Target Users Searching for Popular Software

Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and...

The Hacker News 2023年10月20日 254 觀看次數

Critical Citrix Bug Exploited as a Zero-Day, 'Patching Is Not Enough'

The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

Dark Reading 2023年10月19日 241 觀看次數

Ex-Navy IT head gets 5 years for selling people’s data on darkweb

Marquis Hooper, a former U.S. Navy IT manager, has received a sentence of five years and five months in prison for illegally obtaining US citizens' personally identifiable information (PII) and selling it on the dark web. [...]

Bleepingcomputer 2023年10月19日 221 觀看次數

North Korean hackers exploit critical TeamCity flaw to breach networks

Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. [...]

Bleepingcomputer 2023年10月19日 286 觀看次數

Ragnar Locker ransomware’s dark web extortion sites seized by police

The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation. [...]

Bleepingcomputer 2023年10月19日 147 觀看次數