相關新聞 | HKCERT

New info-stealer malware infects software pirates via fake cracks sites

A new information-stealing malware named 'RisePro' is being distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service. [...]

Bleepingcomputer 2022年12月24日 319 觀看次數

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. [...]

Bleepingcomputer 2022年12月23日 219 觀看次數

DuckDuckGo now blocks Google sign-in pop-ups on all sites

DuckDuckGo apps and extensions are now blocking Google Sign-in pop-ups on all its apps and browser extensions, removing what it perceives as an annoyance and a privacy risk for its users. [...]

Bleepingcomputer 2022年12月23日 222 觀看次數

Lastpass: Hackers stole customer vault data in cloud storage breach

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. [...]

Bleepingcomputer 2022年12月23日 353 觀看次數

GodFather Android malware targets 400 banks, crypto exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

Bleepingcomputer 2022年12月22日 272 觀看次數

Zerobot malware now spreads by exploiting Apache vulnerabilities

The Zerobot botnet has been upgraded to infect new devices by exploiting security vulnerabilities affecting Internet-exposed and unpatched Apache servers.

Bleepingcomputer 2022年12月22日 309 觀看次數

Ransomware gang uses new Microsoft Exchange exploit to breach servers

Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA). [...]

Bleepingcomputer 2022年12月21日 274 觀看次數

Malicious ‘SentinelOne’ PyPI package steals data from developers

Threat actors have published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers.

Bleepingcomputer 2022年12月20日 264 觀看次數

Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale

Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum.

Bleepingcomputer 2022年12月20日 259 觀看次數

Glupteba malware is back in action after Google disruption

The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. [...]

Bleepingcomputer 2022年12月18日 194 觀看次數