Aggregator

当前环境出现异常状态,需完成验证后方可继续访问。

A vulnerability was found in Linux Kernel up to 6.8.2 and classified as problematic. This issue affects some unknown processing of the file drivers/usb/gadget/udc/core.c of the component usb. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-35822. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.8.2 and classified as problematic. This vulnerability affects the function cgr_lock of the component qbman. The manipulation leads to denial of service. This vulnerability was named CVE-2024-35819. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been declared as problematic. This vulnerability affects the function brcmf_cfg80211_detach. The manipulation leads to use after free. This vulnerability was named CVE-2024-35811. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been rated as problematic. This issue affects the function prev_idata of the component mmc. The manipulation leads to improper validation of array index. The identification of this vulnerability is CVE-2024-35813. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.6.23/6.7.11/6.8.2. Affected is the function dma_alloc_coherent of the component swiotlb. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-35814. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.11/6.8.2. It has been classified as critical. This affects the function md_reap_sync_thread of the file md/dm-raid: of the component dm-raid. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2024-35808. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

文章介绍了网络威胁监控中心的值班人员Jan Kopriva及其职责，并提到当前威胁级别为绿色。同时提供了ISC Stormcast播客的链接和即将举办的“Application Security: Securing Web Apps, APIs, and Microservices”课程的信息。

A vulnerability has been found in Oracle Banking Virtual Account Management up to 14.7.0 and classified as critical. This vulnerability affects unknown code of the component Common Core. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-33201. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Lending and Leasing up to 14.7.0 and classified as critical. This issue affects some unknown processing of the component Internal Operations. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-33201. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Revenue Management and Billing up to 6.0.0. It has been classified as critical. Affected is an unknown function of the component Infrastructure. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-33201. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Managed File Transfer 12.2.1.4.0. It has been classified as critical. Affected is an unknown function of the component MFT Runtime Server. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-33201. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle WebCenter Portal 12.2.1.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Security Framework. The manipulation leads to information disclosure. This vulnerability is known as CVE-2023-33201. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Enterprise Manager Base Platform 13.5.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component OCI Framework. The manipulation leads to information disclosure. This vulnerability is known as CVE-2023-33201. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Banking Corporate Lending Process Management up to 14.7.0. Affected by this issue is some unknown functionality of the component Base. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-33201. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle Banking Extensibility Workbench up to 14.7.0. This affects an unknown part of the component Infrastructure. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-33201. It is possible to initiate the attack remotely. There is no exploit available.

文章描述了错误代码521的情况，该错误通常由Cloudflare引发，表示Web服务器无法建立连接。这可能导致用户无法正常访问网站或应用。解决方法包括检查网络连接、联系管理员或稍后再试。

HackerNews 编译，转载请注明出处： Check Point Research 的数据显示，网络犯罪分子如今平均每周针对全球组织实施 1,984 次网络攻击，较四年前激增了 143%。 2025 年第二季度，全球各组织遭受的网络攻击数量较去年同期增长了 21%，较两年前增长了 58%，与四年前相比更是激增了 2.4 倍。 尽管每周网络攻击的平均数量达到了 1,984 次，但不同行业和地区之间存在显著差异。 教育机构位居榜首，平均每周遭受 4,388 次网络攻击，较上年增长 31%。Check Point 的报告指出，教育行业持续面临压力，原因在于其安全防御资金不足，且“拥有极具诱惑力的学生和教职员工凭证财富，极易被利用”。 研究人员表示：“政府组织因其敏感数据及其可提供地缘政治筹码的能力，仍然是极具吸引力的目标。与此同时，电信行业的攻击量显著增加，突显了其作为国家关键基础设施的重要角色，以及其掌握的敏感客户信息可能成为攻击目标。” 政府组织平均每周遭受 2,632 次网络攻击，而电信行业每周则遭受 2,612 次探测攻击。Check Point 的数据收集自超过 15 万个网络和数百万个端点。 按地区划分，欧洲的网络攻击增长最为显著（22%），北美次之（20%）。研究人员指出：“虽然欧洲的平均攻击量并非最高（1,669 次），但其年增长率（22%）却是最大的，表明该地区的威胁活动呈上升趋势，攻击者正利用该地区的地缘政治紧张局势、监管碎片化以及高度集中的高价值数据。” 非洲的组织每周遭受的攻击次数最多（3,365 次），其次是亚太地区（2,874 次）。 北美公司承受着最具破坏性的勒索软件攻击的最大份额。全球报告了约 1,600 起勒索软件事件，其中 53% 发生在该地区。四分之一的勒索软件攻击袭击了欧洲公司，而亚太地区的占比为 11%。 受经济利益驱动的勒索软件附属团伙主要针对以下行业： 商业服务（10.7%） 工业制造（9.8%） 建筑与工程（9.5%） 医疗保健（7.8%） 消费品和服务（7.6%） 预计情况不会缓解。Check Point 表示：“随着网络攻击在数量和影响范围上不断增长，各组织需要采取主动而非被动的策略。以预防为先的战略，辅以分层防御和持续可见性，仍然是关键。”       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Debian 13 Trixie 将于 2025 年 8 月 9 日发布，作为 Debian 12 的继任者，并首次正式支持 RISC-V 架构。该版本计划于 7 月 27 日冻结，并有超过 17,000 个软件包为 RISC-V 提供支持。

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. This vulnerability is traded as CVE-2025-7913. It is possible to launch the attack remotely. Furthermore, there is an exploit available.