相關新聞 | HKCERT

Cisco confirms 'ongoing investigation' after crims brag about selling tons of data

Networking giant says 'no evidence' of impact on its systems but will tell customers if their info has been stolen UPDATED Cisco has confirmed it is investigating claims of stealing — and now selling — data belonging to the networking giant.…

The Register 2024年10月17日 153 觀看次數

Critical default credential bug in Kubernetes Image Builder allows SSH root access

It's called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default credentials being enabled during the image build process.…

The Register 2024年10月17日 77 觀看次數

SolarWinds Web Help Desk flaw is now exploited in attacks

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...]

Bleepingcomputer 2024年10月17日 51 觀看次數

WhatsApp may expose the OS you use to run it – which could expose you to crooks

Meta knows messaging service creates persistent user IDs that have different qualities on each device Updated An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the number of linked...

The Register 2024年10月17日 62 觀看次數

EDRSilencer red team tool used in attacks to bypass security

A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles. [...]

Bleepingcomputer 2024年10月16日 82 觀看次數

Jetpack fixes critical information disclosure flaw existing since 2016

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]

Bleepingcomputer 2024年10月15日 66 觀看次數

Google warns uBlock Origin and other extensions may be disabled soon

Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. [...]

Bleepingcomputer 2024年10月14日 66 觀看次數

Iranian hackers now exploit Windows flaw to elevate privileges

The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. [...]

Bleepingcomputer 2024年10月13日 49 觀看次數

OpenAI confirms threat actors use ChatGPT to write malware

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. [...]

Bleepingcomputer 2024年10月12日 58 觀看次數

New Mamba 2FA bypass service targets Microsoft 365 accounts

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages.

Bleeping Computer 2024年10月09日 136 觀看次數