相關新聞 | HKCERT

Attacks on Citrix NetScaler systems linked to ransomware actor

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.

Bleeping Computer 2023年08月29日 209 觀看次數

Exploit released for Juniper firewall bugs allowing RCE attacks

Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers to gain remote code execution in Juniper's JunOS on unpatched devices.

Bleeping Computer 2023年08月29日 366 觀看次數

Google debuts Duet AI to tackle new cybersecurity challenges in the cloud

The use of AI in modern defense has dominated the Google Next security discussion. The tech giant has introduced new solutions capitalizing on AI to fend off cyberattackers.

ZDnet 2023年08月29日 99 觀看次數

Hackers exploit critical Juniper RCE bug chain after PoC release

Hackers have started using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. [...]

Bleepingcomputer 2023年08月29日 156 觀看次數

MalDoc in PDFs: Hiding malicious Word docs in PDF files

Japan's computer emergency response team (JPCERT) is sharing a new 'MalDoc in PDF' attack detected in July 2023 that bypasses detection by embedding malicious Word files into PDFs.

Bleeping Computer 2023年08月29日 226 觀看次數

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model.

Cyware News 2023年08月29日 124 觀看次數

ICO calls social media firms to protect people's data from scraping

UK's Information Commissioner's Office (ICO), together with eleven data protection and privacy authorities from around the world, have published a statement calling social media platforms to up their protections against data scrapers. [...]

Bleepingcomputer 2023年08月26日 206 觀看次數

Luna Grabber Malware Targets Roblox Gaming Devs

Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website, for example by “promot(ing) users, shout events, and so on, or to create Discord utiltiies (sic) to manage their...

Dark Reading 2023年08月26日 203 觀看次數

FBI warns of patched Barracuda ESG appliances still being hacked

The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks. [...]

Bleepingcomputer 2023年08月25日 258 觀看次數

Jupiter X Core WordPress plugin could let hackers hijack sites

Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow hijacking accounts and uploading files without authentication. [...]

Bleepingcomputer 2023年08月25日 247 觀看次數