相關新聞 | HKCERT

Fake Bitwarden sites push new ZenRAT password-stealing malware

Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT.

Bleeping Computer 2023年09月29日 289 觀看次數

Google patches zero-day exploited by commercial spyware vendor

Google has rushed to patch a zero-day vulnerability in Chrome that was exploited by a commercial spyware vendor.

Tech Crunch 2023年09月29日 142 觀看次數

ROBOT crypto attack on RSA is back as Marvin arrives

An engineer has identified longstanding undetected flaws in a 25-year-old method for encrypting data using RSA public-key cryptography.

The Register 2023年09月29日 118 觀看次數

SSH keys stolen by stream of malicious PyPI and npm packages

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms.

Bleeping Computer 2023年09月29日 336 觀看次數

New ZeroFont phishing tricks Outlook into showing fake AV-scans

Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. [...]

Bleepingcomputer 2023年09月27日 261 觀看次數

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," ...

The Hacker News 2023年09月27日 244 觀看次數

ShadowSyndicate: New RaaS Connected to Multiple Ransomware Families

Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. ShadowSyndicate has been identified as using a consistent SSH fingerprint across 85 servers.

Cyware News 2023年09月27日 179 觀看次數

ChatGPT update enables its AI to “see, hear, and speak,“ according to OpenAI

On Monday, OpenAI announced a significant update to ChatGPT that enables its GPT-3.5 and GPT-4 AI models to analyze images and react to them as part of a text conversation. Also, the ChatGPT mobile app will add speech synthesis options that...

Ars Technica 2023年09月26日 225 觀看次數

Google assigns new maximum rated CVE to libwebp bug exploited in attacks

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. [...]

Bleepingcomputer 2023年09月26日 173 觀看次數

Mixin suspends deposits and withdrawals after $200m cryptocurrency heist

Mixin Network confirmd on Monday that it has "temporarily suspended" all deposit and withdrawal services after hackers broke into a database and stole about $200 million in funds from the Hong-Kong based cryptocurrency firm. […]

The Register 2023年09月26日 216 觀看次數