Aggregator

A vulnerability was found in Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4. It has been rated as critical. This issue affects some unknown processing of the component sysfs. The manipulation leads to divide by zero. The identification of this vulnerability is CVE-2024-56622. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been declared as critical. Affected by this vulnerability is the function unpin_user_pages. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-56612. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.65/6.12.4. Affected is an unknown function of the component numa. The manipulation leads to memory leak. This vulnerability is traded as CVE-2024-56613. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4. It has been rated as critical. This issue affects the function migrate_to_node of the component mempolicy. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-56611. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.4 and classified as critical. This vulnerability affects the function dcn21_link_encoder_create of the component AMD Display. The manipulation leads to improper validation of array index. This vulnerability was named CVE-2024-56608. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4. It has been classified as critical. Affected is the function sock_init_data. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-56606. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

文章介绍了错误代码521的含义及其常见原因，并提供了相应的解决方法和预防措施。

HackerNews 编译，转载请注明出处： 荷兰司法系统遭黑客入侵事件中，俄罗斯背景的黑客被列为重点嫌疑对象。据荷兰《AD报》援引知情人士消息，有强烈迹象表明荷兰公共检察署（OM）的系统入侵事件系俄罗斯黑客所为。攻击者潜伏在司法部系统内数周未被察觉。 风险预警始于6月17日，当时检察署远程办公使用的第三方软件Citrix NetScaler被发现存在严重漏洞。该漏洞在通用漏洞评分系统（CVSS）中被评为9.3分，属于最高风险级别。检察署向《 Volkskrant 》报证实，虽已按建议更新系统，但有理由认为漏洞在修补前已被利用。 为阻断攻击，检察署主动断开内部计算机的互联网连接。据信黑客可能已潜伏数周，接触了包括在办警方调查案卷、未审结刑事案件卷宗及员工个人信息在内的高度敏感数据。目前尚不明确具体泄露的数据范围。 历史关联 此次并非荷兰首次遭俄罗斯黑客锁定。2024年5月，荷兰情报安全局（AIVD）已确认俄罗斯黑客窃取了数万名警察的个人数据。2024年9月，荷兰国家警察披露超过65,000名警员的联系方式通过“Cookie传递攻击”从服务器被盗——该技术通过伪造用户会话凭证实施入侵。       消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

安卓系统新增终端应用支持运行Linux图形化软件，默认安装Debian系统。最新Canary版本通过显示活动和Weston命令实现图形界面显示，并可启用硬件加速提升性能。未来将支持更多操作系统和功能。

文章描述了错误代码521的含义及其常见原因和解决方法。

HackerNews 编译，转载请注明出处： 罗马尼亚与英国执法机构在欧洲刑警组织（Europol）和欧盟司法合作组织（Eurojust）支持下，成功捣毁一个通过ATM欺诈获利约58万欧元（约合68.1万美元）的犯罪网络。 欧洲刑警组织7月24日声明显示，两国调查人员首先收集了该犯罪团伙及其活动的证据，相关数据经欧洲刑警组织分析后，通过联合调查组（JIT）在行动会议中共享。在掌握充分证据后，执法人员于2024年12月在英国、2025年7月23日在罗马尼亚展开两次协同突袭，共搜查18处住所，逮捕两名嫌犯，并查获房产、豪华汽车、电子设备及现金。 此次行动参与机构包括罗马尼亚国家警察及检察署、英国皇家检察署及东区特别行动组。欧洲刑警组织派遣分析师赴罗马尼亚提供现场支持，欧盟司法合作组织则协助组建联合调查组、提供跨境司法协作，并协调罗马尼亚的行动部署。 欺诈手法解析 调查发现，犯罪团伙采用“交易撤销欺诈”（TRF）技术窃取ATM现金： 操作流程：拆除ATM屏幕→插入银行卡发起取款→现金即将吐出前取消交易→手动截留现金； 其他犯罪：涉及侧录设备盗刷、伪造支付卡与交通卡，以及通过“撞库攻击”软件识别卡号实施未授权交易获利。       消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4. It has been declared as critical. This vulnerability affects the function last_level_cache_is_valid of the component cacheinfo. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-56617. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.4. This vulnerability affects unknown code of the component qcom. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-56620. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4. It has been classified as problematic. This affects the function in_atomic of the file kernel/locking/spinlock_rt.c of the component Function Call Handler. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-56610. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.173/6.1.119/6.6.65/6.12.4. Affected by this vulnerability is the function xsk_map_delete_elem. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-56614. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.4. Affected by this issue is the function can_create. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-56603. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.4 and classified as critical. This issue affects the function l2cap_sock_create. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-56605. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.4. Affected by this vulnerability is the function inet_create. The manipulation leads to use after free. This vulnerability is known as CVE-2024-56601. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.4. This affects the function ieee802154_create. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-56602. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

ISC Stormcast 播客讨论网络威胁与安全趋势，值班员Xavier Mertens报告威胁等级为绿色。节目还介绍了即将举办的“应用安全：保护Web应用、API和微服务”课程，并提供导航链接及网站功能说明。