相關新聞 | HKCERT

Australian Clinical Labs says patient data stolen in ransomware attack

Australian Clinical Labs (ACL) has disclosed a February 2022 data breach that impacted its Medlab Pathology business, exposing the medical records and other sensitive information of 223,000 people. [...]

Bleepingcomputer 2022年10月28日 269 觀看次數

Drinik Android malware now targets users of 18 Indian banks

A new version of the Drinik Android banking trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials. [...]

Bleepingcomputer 2022年10月28日 253 觀看次數

iOS Bug Lets Apps Record Siri Conversations

Without even asking for permissions, the newly discovered 'SiriSpy' flaw in Apple's iOS Bluetooth access could allow someone to access user interactions with Siri and keyboard-dictation audio.

Dark Reading 2022年10月28日 270 觀看次數

Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards

Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals.

The Hacker News 2022年10月26日 270 觀看次數

Massive cryptomining campaign abuses free-tier cloud dev resources

An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.

Bleeping Computer 2022年10月26日 298 觀看次數

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in shoppingmode Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS).

The Hacker News 2022年10月26日 284 觀看次數

Apple fixes new zero-day used in attacks against iPhones, iPads

In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. [...]

Bleepingcomputer 2022年10月25日 262 觀看次數

Chrome extensions with 1 million installs hijack targets’ browsers

Researchers at Guardio Labs have discovered a new malvertizing campaign pushing Google Chrome and Microsoft Edge extensions that hijack searches and insert affiliate links into webpages. [...]

Bleepingcomputer 2022年10月25日 284 觀看次數

Exploited Windows zero-day lets JavaScript files bypass security warnings

A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

Bleepingcomputer 2022年10月24日 280 觀看次數

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines.

The Hacker News 2022年10月24日 284 觀看次數