相關新聞
Cyberattackers Use HR Targets to Lay More_Eggs Backdoor
The FIN6 group is the likely culprit behind a spear-phishing campaign that demonstrates a shift in tactics, from targeting job seekers to going after those who hire.
Dark Reading
2024年10月02日 57 觀看次數
Progress urges admins to patch critical WhatsUp Gold bugs ASAP
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.
Bleeping Computer
2024年09月30日 71 觀看次數
Critical Ivanti vTM auth bypass bug now exploited in attacks
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. [...]
Bleepingcomputer
2024年09月25日 99 觀看次數
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
Cyware News
2024年09月21日 55 觀看次數
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. [...]
Bleepingcomputer
2024年09月20日 98 觀看次數
GitLab Warns of Max Severity Authentication Bypass Bug
Company urges organizations using self-hosting GitLab instances to apply updates for CVE-2024-45409 as soon as possible. [...]
Dark Reading
2024年09月20日 43 觀看次數
Apple pulls iPadOS 18 update bricking M4 iPad Pro devices
Apple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update. [...]
Bleepingcomputer
2024年09月19日 52 觀看次數
Chinese botnet infects 260,000 SOHO routers, IP cameras with malware
The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. [...]
Bleepingcomputer
2024年09月19日 51 觀看次數
Hackers Target Selenium Grid Servers for Proxyjacking and Cryptomining Attacks
Threat actors are infecting publicly exposed Selenium Grid servers to utilize victims' internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.
Cyware News
2024年09月16日 63 觀看次數
Windows vulnerability abused braille “spaces” in zero-day attacks
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. [...]
Bleepingcomputer
2024年09月16日 71 觀看次數