相關新聞 | HKCERT

Hackers abuse Google Command and Control red team tool in attacks

The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company. [...]

Bleepingcomputer 2023年04月18日 242 觀看次數

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, ...

The Hacker News 2023年04月18日 249 觀看次數

New sandbox escape PoC exploit available for VM2 library, patch now

Security researchers have released yet another sandbox escape proof of concept (PoC) exploit that makes it possible to execute unsafe code on the host running the VM2 sandbox. [...]

Bleepingcomputer 2023年04月18日 254 觀看次數

Android malware infiltrates 60 Google Play apps with 100M installs

A new Android malware named 'Goldoson' has infiltrated Google Play through 60 legitimate apps that collectively have 100 million downloads.

Bleepingcomputer 2023年04月17日 606 觀看次數

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Bleepingcomputer 2023年04月17日 438 觀看次數

Windows admins warned to patch critical MSMQ QueueJumper bug

Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday and exposing hundreds of thousands of systems to attacks. [...]

Bleepingcomputer 2023年04月13日 251 觀看次數

1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs

A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.

Dark Reading 2023年04月12日 468 觀看次數

Hacked sites caught spreading malware via fake Chrome updates

Hackers are compromising websites to inject scripts that display fake Google Chrome automatic update errors that distribute malware to unaware visitors. [...]

Bleepingcomputer 2023年04月12日 241 觀看次數

Hyundai data breach exposes owner details in France and Italy

Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. [...]

Bleepingcomputer 2023年04月12日 241 觀看次數

Windows zero-day vulnerability exploited in ransomware attacks

Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads. [...]

Bleepingcomputer 2023年04月12日 280 觀看次數