
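Hackers Abuse Microsoft OAuth Applications to Compromise Corporate Email Accounts

On Tuesday, Microsoft announced that it had taken action to disable fake Microsoft Partner Network (MPN) accounts that were used to build harmful OAuth applications as part of a phishing campaign designed to infiltrate corporate cloud environments and steal email. The IT company claimed that the fraudsters "built subsequently [...]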


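Microsoft Advises Users to Keep Exchange Servers Updated and Take Precautions

Microsoft advises users to keep their Exchange servers up to date and to take precautions such as turning on Windows Extended Protection and setting up certificate-based signing of PowerShell serialization payloads. The software giant's Exchange team said in a post that attackers trying to target unpatched Exchange servers will not stop. The value of unpatched […]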


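UK Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries

On Thursday, the UK National Cyber Security Centre (NCSC) issued a warning about spear-phishing attacks carried out by Iranian and Russian state-sponsored attackers. The agency blamed the intrusions on SEABORGIUM (also known as Callisto, COLDRIVER and TA446) and APT42 (also known as ITG18, TA453 and Yellow Garuda). Despite similarities in the way [...]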


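Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

As part of a long-running operation that has been active since 2017, a massive campaign has infected more than 4,500 WordPress websites. According to GoDaddy-owned Sucuri, the infections involve an injection hosted on a domain named "track[.]violetlovelines[.]com", designed to redirect visitors to unwanted websites. The latest […]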


Chinese Hackers Use Golang Malware in DragonSpark Attacks

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark, which employs uncommon tactics to get past security layers. The Chinese hackers use malware, and the attacks are characterized by the use of the open source SparkRAT and of malware that attempts to evade detection through Golang source code interpretation. A striking aspect of the intrusions is […]


Emotet Malware Makes a Comeback with New Evasion Technique

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar while acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 after a coordinated takedown of its infrastructure by authorities earlier that year, has […]


Apple Issues Update for Older Devices

Apple has issued fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it […]


Samsung Galaxy Store App Vulnerable to Sneaky App Install

Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that are exploitable by a local attacker to install arbitrary apps to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and were reported to the South Korean chaebol in November and December […]


Chinese Hackers Exploited Recent Fortinet Flaw

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, which is at least […]


Warning for Android Users: New Hook Malware with RAT Capabilities Emerges

The threat actor behind the BlackRock and ERMAC Android banking trojans has unveiled yet another malware for rent, called Hook, which introduces new capabilities to access files stored on devices and create a remote interactive session. Hook is a novel ERMAC fork that is advertised for sale for $7,000 per month while […]
