Cybersechub.hk

RSS feed of Cybersechub.hk “Cybersechub.hk” is a community-driven cyber security information sharing and collaborative platform that enables online relationships and connections among participating organisations (Members) for sharing cyber security information, such as cyber threats and vulnerabilities.

  • Cyber Security Daily News 22/10/2021
    on October 22, 2021 at 8:33 am

    Cyber Security Daily News Industry News-麥當勞、可口可樂營銷商爆勒索軟件 麥當勞會員資料恐外洩個人資料私隱專員公署在接獲通報後對一家總部位於香港的數碼營銷公司展開調查,指該公司的電腦系統曾於 2021 年 9 月遭勒索軟件攻擊,導致由該公司處理的部份個人資料外洩,當中包括客戶姓名、出生日期、電話號碼、電郵地址及住址資料等。(Source: unwire.hk)Learn More -Google警告:駭客利用釣魚信件,以 Cookie 竊取軟體強奪 YouTuber 帳號Google的威脅分析團隊在報告中指出駭客團隊要求 YouTuber試用夾帶了惡意軟體的「測試版防毒軟件」,一旦安裝在目標用戶的電腦上,就會竊取瀏覽器中的相關 cookie,繼而竊取 YouTuber經營的 YouTube 頻道控制權。Google 指出,YouTuber 應該提高警覺,不要任意點擊任何不明的連結,同時以二階段登入驗證來保護自己的 YouTube 帳號。 (Source: 資安人)Learn More -Google launches Android Enterprise bug bounty programGoogle has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. This program is used to boost the platform’s overall security and it has rewarded more than 2,000 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. (Source: Bleeping Computer)Learn More

  • 勒索程式即服務(RaaS):推波助瀾了大量攻擊
    on October 22, 2021 at 2:57 am

    勒索程式即服務(RaaS)為那些原本受限於技術能力與專業知識的歹徒提供了發動攻擊所需的彈藥。所造成的結果就是讓勒索程式快速地散播到更多目標。RaaS 到底是什麼,有哪些勒索程式家族和技術和它有關?從本質上,我們可以觀察到使用 RaaS 的團體進行組織化的分工。因為此一發展,網絡犯罪生態系對各類任務有了更高的熟練度和專業化,有些人專注於滲透網絡,而有些則專注於運作勒索程式或與受害者進行贖金的談判。上圖顯示直接的勒索程式運作(左)和RaaS運作的比較。這樣的專業化,再加上精煉的勒索技巧和技術策略,讓現代勒索程式成為惡名昭彰的威脅。隨著威脅範圍不斷的擴大,預計勒索程式攻擊在未來十年內可能造成數十億美元的損失。詳細資料:https://blog.trendmicro.com.tw/?p=69932

  • CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader
    on October 22, 2021 at 2:35 am

    The Zero Day Initiative (ZDI) published a guest blog from security researcher Mark Vincent Yason. Over the past few months, Adobe patched several remote code execution bugs in Adobe Reader that were reported to ZDI by him. The post covers two bugs in particular: one from June 2021 (CVE-2021-28632) and one from September 2021 (CVE-2021-39840). An interesting aspect about these two bugs is that they are related – the first bug was discovered via fuzzing and the second bug was discovered by reverse engineering and then bypassing the patch for the first bug. The blog looks at the root cause of both bugs and how they were discovered.DETAILS: https://www.zerodayinitiative.com/blog/2021/10/20/cve-2021-28632-amp-cve-2021-39840-bypassing-locks-in-adobe-reader

  • Cyber Security Daily News 21/10/2021
    on October 21, 2021 at 6:49 am

    Cyber Security Daily NewsIndustry News-【一文不值】新勒索軟件BlackByte錯漏百出 遭安全專家恥笑幼稚近日網絡安全公司Trustwave 在調查一個受到勒索軟件攻擊事件時,發現一個軟件的攻擊模式和俄羅斯勒索軟件手法相似,但犯下不少低級錯誤,包括加密金鑰放在一個公開的伺服器內,使研究員可以用該金鑰拯救受害者、以及隠藏惡意編碼的技術不高等等。(Source: Wepro180)Learn More -供應鏈攻擊威脅大!全球 53%公司正暴露於其中Acronis 發布了2021年度網路安全戰備報告,講述全球疫情大流行期間網路安全概況和遠距離工作的痛點。去年的研究顯示超過 80% 的全球化跨國公司承認他們尚未準備好轉變為遠距離工作 。根據今年調查結果, 也顯示遠距離工作員工已成為網路釣魚攻擊的重點鎖定目標。 (Source: 資安人)Learn More -Cyber attacks today exploiting zero-day threats before enterprises can patchTelecom carrier in Southeast Asia was impacted by a software security loophole in a third-party file transfer appliance targeted by attacker. It raises concern about new zero-day exploits that organizations may not have time to patch them up. The effect of zero-day vulnerability is not just in Southeast Asia, but globally as well. (Source: TECHWIREASIA)Learn More

  • Trend Micro Research Report: Modern Ransomware Shake Up Banking, Government, Transportation Sectors in 1H 2021
    on October 21, 2021 at 2:55 am

    Trend Micro has just published a report titled Modern Ransomware Shake Up Banking, Government, Transportation Sectors in 1H 2021. This report collates detections from Trend Micro static and dynamic security layers from over 20 industries, some of which came from ransomware families reportedly used by big game hunters. Ransomware operators have turned their attention to critical industries — namely banking, government, and transportation. The report breaks down the potential financial, operational, and reputational impact of modern ransomware if they fall victim to an attack.Read to find our insights for 1H 2021: https://bit.ly/3C2xLro

Share This Information.

Leave a Reply

Your email address will not be published. Required fields are marked *