2017-W52 (25 Dec - 31 Dec 2017)
- Loapi Trojan - a Swiss Army knife for Android attackers
- Browser login managers exploited by web trackers
|
2017-W51 (18 Dec - 24 Dec 2017)
- JScript exploitation in Windows via automatic proxy configuration
- Firewall bursting with cloud computing
|
2017-W50 (11 Dec - 17 Dec 2017)
- Rogue admin account created at unpatched WordPress websites
- MailSploit lets spoofed emails bypass DMARC
- Traffic to popular websites routed through Russian ISP
|
2017-W49 (4 Dec - 10 Dec 2017)
- Satori botnet building up forces
- Emerging trends in vulnerability management
|
2017-W48 (27 Nov - 3 Dec 2017)
- 蘋果macOS作業系統帳戶驗證機制存在保安漏洞
- Misconfigured file sharing exposed personal information of 10,000 staff
|
2017-W47 (20 Nov - 26 Nov 2017)
- Web analytics tools keylogging website visitors
- Security challenges for hybrid cloud
|
2017-W46 (13 Nov - 19 Nov 2017)
- #AVGater: Anti-malware flaw causing local privilege escalation
- One third of attacks on endpoints would be fileless in 2018
|
2017-W45 (6 Nov - 12 Nov 2017)
- Misconfigured cloud storages vulnerable to GhostWriter attack
- Banking Trojan targets search results
|
2017-W44 (30 Oct - 5 Nov 2017)
- Estonia freezes 760,000 vulnerable resident ID cards
- Abuse of RDP for Crysis ransomware implantations
- Combosquatting: a simple trick but a growing threat
|
2017-W43 (23 Oct - 29 Oct 2017)
- Bad Rabbit ransomware hopping across Europe
- DDE as attack vector in malware campaigns
|
2017-W42 (16 Oct - 22 Oct 2017)
- WPA/WPA2 vulnerabilities leave Wi-Fi networks open to KRACK attack
- Infineon TPM generates insecure RSA key pairs
|
2017-W41 (9 Oct - 15 Oct 2017)
- New smart speaker found eavesdropping everything
- Cryptojacking consumes your computer to make money
|
2017-W40 (2 Oct - 8 Oct 2017)
- Seven vulnerabilities found in Dnsmasq
- Top mobile apps blacklisted by enterprises
|
2017-W39 (25 Sep - 1 Oct 2017)
- Security flaw in Wi-Fi chipset threatening iOS and Android devices
- 手機流動支付金有被盜用風險
|
2017-W38 (18 Sep - 24 Sep 2017)
- CCleaner supply chain malware targeted on technology giants
- SafeBrowse Chrome extension was found mining cryptocurrency secretly on users’ computer
|
2017-W37 (11 Sep - 17 Sep 2017)
- BlueBorne: a new attack vector comes to Bluetooth devices
- Upgrade Apache Struts immediately to fix another actively exploiting flaw
|
2017-W36 (4 Sep - 10 Sep 2017)
- New wave of ransom attacks on MongoDB servers
- Over 28 million users’ data exposed in a massive data breach
|
2017-W35 (28 Aug - 3 Sep 2017)
- Over thousands internet-connected devices left wide open to hackers
- 瀏覽器防護機制存漏洞 擴充程式可被黑客利用
|
2017-W34 (21 Aug - 27 Aug 2017)
- Android mobile apps turned into spyware by advertising kit
- DDoS attacks rose again markedly in Q2 2017
|
2017-W33 (14 Aug - 20 Aug 2017)
- New PowerPoint attack with old flaw
- Millions open ports for publicly accessible remote desktops
|
2017-W32 (7 Aug - 13 Aug 2017)
- A research found iOS users the biggest mobile phishing target
- Adobe is planning to end-of-life Flash in 2020
|
2017-W31 (31 July - 6 Aug 2017)
- Trickbot banking Trojan resembles WannaCry way to spread
- Typo-squatting attack on npm went undetected for two weeks
- Application denial-of-service in microservice architectures
|
2017-W30 (24 July - 30 July 2017)
- "Careless with secret information" risks country-wide data leak
- SMBloris – denial of service attack targeting Windows servers
|
2017-W29 (17 July - 23 July 2017)
- A "key" milestone in protecting the DNS
- 消委會:通訊App欠點對點加密 訊息易外泄
|
2017-W28 (10 July - 16 July 2017)
- Hundreds of domains hijacked
- Defend your website with ZIP bombs
|
2017-W27 (3 July - 9 July 2017)
- Researchers crack GnuPG crypto library to steal 1024-bit RSA encryption private key
- CopyCat malware infected 14 million Android devices around the world
- Dumping credentials from Windows Local Security Authority Subsystem (LSASS) for malware spreading
|
2017-W26 (26 June - 2 July 2017)
- Petrwrap ransomware outbreak goes global
- WordPress plugin used by 300,000+ sites found vulnerable to SQL injection attack
|
2017-W25 (19 June - 25 June 2017)
- The British Parliament has been hit by a cyberattack
- Few victims reporting ransomware attacks to FBI
- Personal details of nearly 200 million U.S. citizens exposed
|
2017-W24 (12 June - 18 June 2017)
- Patch NOW for critical Windows vulnerabilities facing destructive cyber-attacks
- HIDDEN COBRA denial-of-service botnet infrastructure
- Xavier: an information stealing ad library on Android
|
2017-W23 (5 June - 11 June 2017)
- Botnets overshadowed by ransomware
- Organisations failing to upgrade systems and enforce patches
|
2017-W22 (29 May - 4 June 2017)
- The Judy malware spreads through apps on Google Play
- Fireball ignites 250 million computers worldwide
- Random numbers: Hard times ahead for hackers
|
2017-W21 (22 May - 28 May 2017)
- EternalRocks spreads through additional Shadow Brokers exploits
- SambaCry? No panic and fix it
- Persirai 惡意程式肆虐 IP Cam 或會成為殭屍網絡一員
|
2017-W20 (15 May - 21 May 2017)
- Behind WannaCry, Jaff, UIWIX and Adylkuzz line up
- WannaCry 勒索軟件香港最新狀況
- Fake WhatsApp.com URL gets users to install adware
|
2017-W19 (8 May - 14 May 2017)
- Massive ransomware infections hit computers around the world
- Deprecation of SHA-1 for SSL/TLS certificates in Microsoft Edge and Internet Explorer 11
- 台灣 1.7 億項個人資料外泄 犯罪集團涉販賣個人資料牟利
|
2017-W18 (1 May - 7 May 2017)
- Intrusion affecting multiple victims across multiple sectors
- Intel patches a critical CPU vulnerability
|
2017-W17 (24 April - 30 April 2017)
- INTERPOL operation uncovers nearly 9,000 C2 servers in ASEAN
- 微軟花 9 個月修復漏洞 黑客趁機盜百萬帳戶
- 流動電話如何變成企業威脅?
|
2017-W16 (17 April - 23 April 2017)
- BrickerBot permanent denial-of-service attack
- When flashlights attack, Android passwords get stolen
|
2017-W15 (10 April - 16 April 2017)
- Stealing PINs via mobile sensors: actual risk versus user perception
- Shadow Brokers release more NSA exploits
- 何郭佩珍中學電郵泄學生及家長資料
|
2017-W14 (3 April - 9 April 2017)
- iCloud mail phishing scam wants to steal Apple accounts, banking data, identity
- Smartphones using Broadcom Wi-Fi chip can be hacked over-the-air
- Microsoft Office zero-day attacks through OLE
|
2017-W13 (27 March - 2 April 2017)
- Suspected theft of Registration and Electoral Office computers
- Exploit code released for zero-day in Microsoft's IIS 6.0
|
2017-W12 (20 March - 26 March 2017)
- Hackers: we will remotely wipe iPhones unless Apple pays ransom
- DoubleAgent: taking full control over your antivirus
|
2017-W11 (13 March - 19 March 2017)
- Check Point discloses vulnerability that allowed hackers to take over hundreds of millions of WhatsApp & Telegram accounts
- U.S. charges Russian hackers for hacking millions of Yahoo email accounts
|
2017-W10 (6 March - 12 March 2017)
- WikiLeaks releases files on CIA cyber spying tools which can compromise desktop operating systems, iOS systems, Android devices, internet routers, smart TVs, and more
- Researchers from Northeastern University say tens of thousands of sites are using JavaScript libraries that are years old and contain publicly known vulnerabilities
|
2017-W09 (27 February - 5 March 2017)
- RATANKBA: Delving into large-scale watering holes against enterprises
- Three years after Heartbleed, how vulnerable are you?
|
2017-W08 (20 February - 26 February 2017)
- 94% of critical Microsoft vulnerabilities mitigated by removing admin rights
- Researchers uncover new leads behind Shamoon2
|
2017-W07 (13 February - 19 February 2017)
- Analysis of Internet-connected devices reveals millions are vulnerable to attack
- Yahoo warns users of account breaches related to recent attacks
|
2017-W06 (6 February - 12 February 2017)
- How e-mail filtering helps defend against malware and ransomware
- Newly discovered flaw undermines HTTPS connections for almost 1 000 sites
|
2017-W05 (30 January - 5 February 2017)
- Cisco 2017 Annual Cybersecurity Report: chief security officers reveal true cost of breaches and the actions organizations are taking
- Microsoft Windows SMB Tree Connect Response denial of service vulnerability
|
2017-W04 (23 January - 29 January 2017)
- Gmail will block .js file attachments starting February 13, 2017
- Evolving Office 365 Advanced Threat Protection with URL Detonation and Dynamic Delivery
|
2017-W03 (16 January - 22 January 2017)
- Locky ransomware is on the march again
- WhatsApp vulnerability allows snooping on encrypted messages
|
2017-W02 (9 January - 15 January 2017)
- Keynote Speech by Mr. Victor Lam, JP, Deputy Government Chief Information Officer, at the “Gazing Through the Crystal Ball: CyberSecurity 2017 - Predicting the Good, the Bad and the Ugly” Seminar
- MongoDB ransomware attack
|
2017-W01 (2 January - 8 January 2017)
- An APAC perspective: Cyber security predictions for 2017
- Blockchain: An answer to governmental hacking concerns
|