Aggregator

Androidアプリ「region PAY」には、ログファイルへの機微な情報の出力の脆弱性が存在します。

用户在HowToHack社区询问如何绕过受组织保护且无管理员密码的二手笔记本限制。

HackerNews 编译，转载请注明出处： 法国奢侈品牌迪奥（Dior）近期开始向美国客户发送数据泄露通知，告知其2025年5月发生的网络安全事件导致个人信息被泄露。迪奥隶属于全球最大奢侈品集团路威酩轩（LVMH），该品牌年营收超120亿美元，在全球运营数百家精品店。 此次安全事件实际发生在2025年1月26日，但公司直到2025年5月7日才察觉并启动内部调查以确定影响范围。发送给受影响个人的通知中写道：“调查确定，未授权方于2025年1月26日非法访问了包含迪奥客户信息的数据库。迪奥已迅速采取措施控制事件，目前无证据表明系统后续再遭入侵。” 根据调查结果，以下信息已遭泄露： 全名 联系方式 住址 出生日期 护照或政府身份证号码（部分情况） 社保号码（部分情况） 公司澄清称，被入侵数据库未包含银行账户或支付卡信息等支付详情，故此类财务数据仍安全。迪奥已据此通知执法部门，并聘请第三方网络安全专家协助控制事件。 收到通知的用户需警惕诈骗和钓鱼企图，密切监控金融账户活动，及时识别并报告可疑行为。通知信函同时附带了免费领取24个月信用监控及身份盗窃保护服务的操作指南，该服务有效期截至2025年10月31日。 此次事件时间点与迪奥早前在韩国和中国披露的安全事件吻合。同为LVMH集团旗下的路易威登（Louis Vuitton）近期也披露了影响英国、韩国和土耳其客户的数据泄露事件。尽管涉事公司发言人未回应澄清请求，但行业信息表明，路易威登与迪奥事件实属同一网络攻击的一部分。 据信，此次攻击与勒索团伙ShinyHunters有关，其通过入侵第三方供应商数据库获取了LVMH客户信息。若属实，路易威登可能随后发布针对美国客户的类似披露。目前，迪奥尚未回应关于受影响美国客户数量的质询。       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章描述了错误代码521的原因及其解决方法。该错误通常由服务器配置错误、网络连接问题或DNS设置错误引起。常见原因包括服务器无法正确处理请求或网络设备限制了数据传输。解决方法包括检查服务器配置、联系网站管理员修复问题或尝试重新连接网络以排除临时故障。

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been declared as critical. Affected by this vulnerability is the function btrtl_setup_realtek. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-57987. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.128/6.6.77/6.12.13/6.13.2. This issue affects some unknown processing of the component binfmt_flat. The manipulation of the argument full_data leads to integer overflow. The identification of this vulnerability is CVE-2024-58010. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1 and classified as problematic. This issue affects the function xfrm_dst_hash. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-57982. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1 and classified as problematic. This issue affects some unknown processing of the component memcg. The manipulation leads to excessive iteration. The identification of this vulnerability is CVE-2024-57977. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been declared as critical. Affected by this vulnerability is the function hid_apply_multipler. The manipulation leads to infinite loop. This vulnerability is known as CVE-2024-57986. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.13.1. This affects the function cow_file_range of the file fs/btrfs/extent_io.c. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-57976. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.12/6.13.1 and classified as problematic. This vulnerability affects the function run_delalloc_nocow. The manipulation leads to insufficient verification of data authenticity. This vulnerability was named CVE-2024-57975. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3 and classified as critical. This vulnerability affects the function vidtv_mux_init of the component vidtv. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-57834. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.12/6.13.1. Affected by this vulnerability is an unknown functionality of the component ICMP Message Handler. The manipulation leads to excessive iteration. This vulnerability is known as CVE-2024-57974. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.78/6.12.15/6.13.3. This affects the function nfs_sysfs_link_rpc_client of the component NFS. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-54456. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 印度加密货币交易所CoinDCX上周遭遇黑客攻击，损失约4420万美元。公司联合创始人Neeraj Khandelwal与Sumit Gupta上周六通过社交媒体披露异常情况，随后确认被盗资金源自公司内部运营账户。 创始人声明用户资金未受影响：“受影响的操作账户已被隔离。由于运营账户与用户钱包物理隔离，风险仅限该账户，损失将由我们通过自有储备金全额承担。” 公司已向印度计算机应急响应小组（CERT-In）通报案情。 CoinDCX成立于2018年，作为印度头部加密平台拥有约1600万用户。公司表示正与安全团队合作调查事件、修复漏洞并追踪被盗资金以进行冻结回收，同时承诺推出漏洞悬赏计划。 Khandelwal及多家区块链安全公司确认，上周五晚间有价值4420万美元的USDC和USDT（两种锚定美元的稳定币）从平台盗走。CoinDCX周日发布的事件分析报告称将通过储备金覆盖损失，目前已追踪到两个分别持有2760万和1620万美元的涉事钱包，截至本周一下午虽显示清零，但专家发现资金已转移至新钱包。 Gupta在多平台警告用户防范冒充CoinDCX官员的诈骗者，强调“切勿向任何人提供账户信息”。公司承诺向协助追回资金者提供最高25%的返还金额，同时寻求黑客身份线索以提起法律诉讼。 此次攻击发生之际，距印度另一加密巨头WazirX遭窃2.3亿美元仅数月（2024年11月涉案嫌疑人被捕）。区块链安全公司Chainalysis上周数据显示，2025年全球加密资产被盗金额已达21.7亿美元，超2024年全年总和。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文