相關新聞 | HKCERT

Fog ransomware targets SonicWall VPNs to breach corporate networks

Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls. [...]

Bleepingcomputer 2024年10月28日 67 觀看次數

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a...

The Hacker News 2024年10月28日 48 觀看次數

Windows 11 24H2: The hardware and software blocking the new update

Windows 11 24H2 is unavailable for thousands of users due to safeguard or compatibility holds Microsoft has placed on specific device and software configurations. [...]

Bleepingcomputer 2024年10月28日 75 觀看次數

AWS's Predictable Bucket Names Make Accounts Easier to Crack

Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.

Dark Reading 2024年10月25日 84 觀看次數

Google offers its AI watermarking tech as free open source toolkit

SynthID provides a hidden way to mark LLM output as artificial.

Ars Technica 2024年10月24日 51 觀看次數

CISA proposes new security requirements to protect govt, personal data

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American's personal data as well as government-related information. [...]

Bleepingcomputer 2024年10月23日 58 觀看次數

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]

Bleepingcomputer 2024年10月23日 47 觀看次數

Cheap AI “video scraping” can now extract data from any screen recording

Researcher feeds screen recordings into Gemini to extract accurate information with ease.

Ars Technica 2024年10月18日 93 觀看次數

Fake Google Meet conference errors push infostealing malware

A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. [...]

Bleepingcomputer 2024年10月18日 76 觀看次數

Microsoft warns it lost some customer's security logs for a month

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]

Bleepingcomputer 2024年10月18日 89 觀看次數