相關新聞 | HKCERT

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. [...]

Bleepingcomputer 2025年01月26日 69 觀看次數

PayPal to pay $2 million settlement over 2022 data breach

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [...]

Bleepingcomputer 2025年01月25日 53 觀看次數

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug

No in-the-wild exploits … yet Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.…

The Register 2025年01月24日 101 觀看次數

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives. [...]

Bleepingcomputer 2025年01月22日 101 觀看次數

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.

The Hacker News 2025年01月21日 93 觀看次數

OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries

The S in LLM stands for Security OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.…

The Register 2025年01月20日 192 觀看次數

Star Blizzard hackers abuse WhatsApp to target high-value diplomats

Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. [...]

Bleepingcomputer 2025年01月19日 143 觀看次數

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a...

Krebs on Security 2025年01月17日 95 觀看次數

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]

Bleepingcomputer 2025年01月17日 91 觀看次數

Attackers Hijack Google Advertiser Accounts to Spread Malware

It's an especially brazen form of malvertising, researchers say, striking at the heart of Google's business; the tech giant says it's aware of the issue and is working quickly to address the problem.

Dark Reading 2025年01月16日 140 觀看次數