Aggregator

A vulnerability was found in Linux Kernel up to 5.15.85/6.0.15/6.1.1 and classified as critical. This affects the function mmc_add_host. Such manipulation leads to unchecked return value. This vulnerability is uniquely identified as CVE-2022-50267. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.1 and classified as critical. Affected by this issue is the function az6027_i2c_xfer of the component media. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2022-50272. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.1. Affected by this vulnerability is the function of_get_next_parent of the component cxl. The manipulation results in improper update of reference count. This vulnerability is known as CVE-2022-50311. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.1. Affected is the function acpi_put_table of the component Radeon Driver. The manipulation leads to memory leak. This vulnerability is traded as CVE-2022-50275. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.98/6.1.15/6.2.2. This impacts the function vkms_init of the component Vkms Module. Executing manipulation can lead to unchecked return value. This vulnerability appears as CVE-2022-50269. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.1. This affects the function mmc_add_host. Performing manipulation results in unchecked return value. This vulnerability is reported as CVE-2022-50268. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.41/6.4.6. The impacted element is the function release_folio of the file generic/476. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2023-53247. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.0.2. The affected element is the function nbd_start_device_ioctl of the component nbd. This manipulation causes denial of service. This vulnerability is registered as CVE-2022-50314. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.0.2. Impacted is the function dump_stack. The manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2022-50271. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.85/6.0.15/6.1.1. This issue affects the function vfs_lock_file. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2022-50302. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.1. This vulnerability affects the function hswep_has_limit_sbox. Executing manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2022-50318. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.5. It has been rated as critical. This affects the function ip6mr_sk_done. Performing manipulation results in improper initialization. This vulnerability is identified as CVE-2022-50310. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.0.2. It has been declared as critical. Affected by this issue is the function of_get_child_by_name of the component media. Such manipulation leads to improper update of reference count. This vulnerability is referenced as CVE-2022-50309. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.16/6.1.2. It has been classified as critical. Affected by this vulnerability is the function msc313_rtc_probe. This manipulation causes incorrect control flow. The identification of this vulnerability is CVE-2022-50322. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

本文刊载于《公安学研究》2025年第3期。为方便阅读，编辑中对部分文本进行加黑并删除了文章脚注。

近来发现很多涉网案件开始使用CDN技术来隐藏源服务器IP，对司法机关取证封锁源头IP造成一定的难度，那么如何对这种使用CDN技术的网站找到其背后搭建的那台源服务器的IP？本期特邀黑产研究专家阿辉将介绍CDN的一些相关知识和取证思路。

印度 IT 服务行业产值 2500 亿美元，贡献了 GDP 的 8%，雇佣了 540 万人。外包巨头如 Tata Consultancy Services（TCS）和 Infosys 以最低 5000 美元的薪水源源不断的雇佣应届生，在培训之后胜任发达国家十倍薪水的工作，以这种劳动力套利为欧美的客户提供 IT 服务。然而生成式 AI 时代影响最大的就是初级 IT 工作，而印度的 IT 外包行业也因此深受打击。2023 财年印度四大 IT 外包巨头招聘了 22.5 万名应届生，但到了 2024 财年，招聘的应届生数量暴跌 70% 降至 6 万。TCS 和 Infosys 在 2022 财年增加了 157,000 名员工，而在 2025 财年数量降至 12,771 人。IT 外包巨头的员工总数也在几十年来首次下降，TCS 在 2024 财年的员工总数减少了逾 13,000 人，而 Infosys 则裁员 25,000 人。Accenture 等公司的研究表明，生成式 AI 能自动化 30% 至 40% 的初级程序员和测试人员的工作。应届生招聘人数的减少也改变了该行业的人口结构。Infosys 30 岁以上员工占总员工的比例从 2010 年的 81% 降至 2025 财年预计的 53%。IT 毕业生失业率超过 13%，几乎是全国平均水平的三倍。

Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices outside of the EEA region that have the Microsoft 365 desktop client apps. [...]

Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted by Red Canary Intelligence and Zscaler threat hunters has identified multiple malicious campaigns utilizing ITarian (also known as Comodo), PDQ, SimpleHelp, and Atera RMM solutions as attack vectors. The appeal […]

The post Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access appeared first on Cyber Security News.