相關新聞 | HKCERT

Researchers to release PoC exploit for critical Zoho RCE bug, patch now

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. [...]

Bleepingcomputer 2023年01月17日 364 觀看次數

Avast releases free BianLian ransomware decryptor

Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers. [...]

Bleepingcomputer 2023年01月16日 398 觀看次數

CircleCI's hack caused by malware stealing engineer's 2FA-backed session

Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems. [...]

Bleepingcomputer 2023年01月15日 228 觀看次數

Canada's largest alcohol retailer's site hacked to steal credit cards

The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country's largest beverage alcohol retailer, revealed that unknown attackers had breached its website to inject malicious code designed to steal customer and credit card information at check-out. [....

Bleepingcomputer 2023年01月14日 212 觀看次數

Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available

Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.

Dark Reading 2023年01月13日 290 觀看次數

Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day

Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. [...]

Bleepingcomputer 2023年01月13日 390 觀看次數

Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw

Microsoft says Cuba ransomware threat actors are hacking their way into victims' networks via Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks. [...]

Bleepingcomputer 2023年01月13日 281 觀看次數

SAP's First Security Updates for 2023 Resolve Critical Vulnerabilities

SAP this week announced the release of 12 new and updated security notes as part of the January 2023 Security Patch Day, including seven ‘hot news’ notes that address critical-severity vulnerabilities.

The Hacker News 2023年01月12日 275 觀看次數

Scattered Spider hackers use old Intel driver to bypass security

A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.

The Hacker News 2023年01月12日 216 觀看次數

Over 1,300 fake AnyDesk sites push Vidar info-stealing malware

A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware. [...]

Bleepingcomputer 2023年01月11日 244 觀看次數