Aggregator

文章介绍了一种在 Notion 中通过自动化功能创建周期性提醒的方法，以生日提醒为例，展示了如何利用日期属性和自动化规则实现无需手动更新的长效提醒机制，并探讨了其在其他场景中的应用潜力。

文章描述了一个技术问题：错误代码521通常由Cloudflare引发，表明Web服务器返回了无效响应。此问题可能源于服务器配置错误或连接中断。建议检查网络连接或联系管理员以解决该问题。

HackerNews 编译，转载请注明出处： 位于拉斯维加斯的大型博彩公司Boyd披露，近日遭遇了一起网络安全事件，导致员工及其他部分人员的个人数据被泄露。 9月23日，Boyd公司向美国证券交易委员会（SEC）提交的8-K文件中报告了这一事件。文件显示，一名未经授权的第三方访问了其内部IT系统。 公司在文件中写道：“公司已确认，未经授权的第三方从公司的IT系统中窃取了部分数据，其中包括员工信息以及数量有限的其他个人信息。公司正在通知受影响的个人，并已或将按要求通知相关监管机构和其他政府部门。” 目前尚未披露被盗数据的具体性质，或受影响人员的数量。截至2024年底，Boyd公司共有16,129名员工。该公司在内华达州、密西西比州、伊利诺伊州、印第安纳州和路易斯安那州共拥有29家赌场和酒店。 公司表示，已在顶级网络安全专家的协助下，并与美国联邦执法部门合作，采取措施进行补救。关于事件发生的具体时间并未透露。 公司补充称，其认为此次事件不会对Boyd的财务状况或经营结果产生重大不利影响。 Boyd还表示：“公司已投保全面的网络安全保险，我们预计该保险将涵盖事件响应和取证调查相关费用，以及业务中断、法律诉讼和监管罚款（如有），但需受限于保单额度和免赔额。” 值得注意的是，2023年，另一场震动业界的事件中，拉斯维加斯的两大赌场和酒店运营商 MGM国际酒店集团和 凯撒娱乐公司在几天之内相继遭遇网络攻击。 这些勒索软件攻击被认为与“Scattered Spider”黑客组织有关，给受害公司带来了巨额成本和业务中断。     消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

2025第十八届中国密码学会年会(ChinaCrypt2025)将于2025年11月在天津市举办

活动时间：2025年9月26—28日

A vulnerability classified as critical was found in QNAP QuRouter 2.4.3.103/2.4.4.106. Affected by this vulnerability is an unknown functionality. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2024-50389. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation. It has been declared as critical. This impacts an unknown function of the component WRL File Handler. The manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2024-53041. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation. It has been rated as critical. Affected is an unknown function of the component WRL File Handler. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2024-53242. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Mattermost up to 2.21.0 on Android. The impacted element is an unknown function. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2024-11358. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in langhsu Mblog Blog System 3.5.0. This issue affects some unknown processing of the file /login. The manipulation leads to observable response discrepancy. This vulnerability is traded as CVE-2024-13198. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in Sysax Multi Server 6.99. This vulnerability affects unknown code of the file /scgi?sid. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-53459. The attack can be launched remotely. No exploit exists.

A vulnerability labeled as problematic has been found in langhsu Mblog Blog System 3.5.0. Impacted is an unknown function of the file /search of the component Search Bar. The manipulation of the argument kw results in cross site scripting. This vulnerability is known as CVE-2024-13199. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.119/6.6.65/6.12.4. Affected is the function drm_dp_sideband_append_payload. This manipulation causes memory corruption. This vulnerability is registered as CVE-2024-56616. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in QNAP QuFirewall up to 2.3.2. The affected element is an unknown function. This manipulation causes command injection. This vulnerability appears as CVE-2023-23356. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

在数字经济与实体经济深度融合的今天，网络安全早已从技术辅助工具升维为数字经济的“免疫系统”，成为国家安全、社会

当前环境异常需完成验证后方可继续访问。

150万账户在2024年9月遭泄露，于2025年9月25日被收录进HIBP数据库。建议用户立即更改密码并启用双因素认证以增强账户安全。

黑客入侵数百个软件开发包，利用Shai-Hulud蠕虫感染超500个软件包并窃取敏感凭证。恶意软件传播代码至其他包，GitHub移除被入侵包并阻止新上传以切断传播链。开发者需更换凭证并留意异常网络行为。

Last week, cybersecurity experts and tech companies raised alarms about a widespread software supply chain compromise involving Shai-Hulud — a self-replicating worm that was used to infect more than 500 packages embedded in various software.

· 阿里宣布「超级智能」目标，股价一度上涨 10.5%，创将近四年新高； · 理想汽车被指未经授权用歼-20 战机做宣传海报，中航工业发声