相關新聞 | HKCERT

MCNA Dental data breach impacts 8.9 million people after ransomware attack

Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised. [...]

Bleepingcomputer 2023年05月29日 227 觀看次數

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks.

Bleepingcomputer 2023年05月29日 226 觀看次數

QBot malware abuses Windows WordPad EXE to infect devices

The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software.

Cyware News 2023年05月29日 244 觀看次數

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Investigators found that the retailer was storing nearly 20 years' worth of payment card data on its e-commerce server in plaintext format, protected by only a password, which the attacker guessed.

Cyware News 2023年05月29日 222 觀看次數

WordPress force installs critical Jetpack patch on 5 million sites

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in.

Bleepingcomputer 2023年05月29日 282 觀看次數

Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains

A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. [...]

Bleepingcomputer 2023年05月28日 231 觀看次數

QBot malware abuses Windows WordPad EXE to infect devices

The QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program to infect computers, using the legitimate program to evade detection by security software. [...]

Bleepingcomputer 2023年05月27日 224 觀看次數

GitLab 'strongly recommends' patching max severity flaw ASAP

GitLab has released an emergency security update, version 16..1, to address a maximum severity (CVSS v3.1 score: 10.) path traversal flaw tracked as CVE-2023-2825. [...]

Bleepingcomputer 2023年05月25日 225 觀看次數

Arms maker Rheinmetall confirms BlackBasta ransomware attack

German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. [...]

Bleepingcomputer 2023年05月24日 266 觀看次數

Barracuda warns of email gateways breached via zero-day flaw

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week by targeting a now-patched zero-day vulnerability. [...]

Bleepingcomputer 2023年05月24日 425 觀看次數