Aggregator

最近大家都在聊 MCP，发现有个最重要的点被忽略了： 通过标准化协议，将工具提供方与应用研发者解耦，这一点带

A vulnerability was found in Oracle Common Applications Calendar up to 12.2.9. It has been rated as critical. This issue affects some unknown processing of the component Notes. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2020-2820. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3. Affected is an unknown function of the component Notes. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2020-2823. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle CRM Technical Foundation 12.1.1/12.1.2/12.1.3. Affected by this vulnerability is an unknown functionality of the component Preferences. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2020-2881. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Customer Interaction History up to 12.2.9. Affected by this issue is some unknown functionality of the component Outcome-Result. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2020-2873. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3. This affects an unknown part of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2020-2842. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 and classified as critical. This vulnerability affects unknown code of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2020-2844. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 and classified as critical. This issue affects some unknown processing of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2020-2845. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

山东大学齐鲁医院妇科护士论文中出现了“男性确诊子宫肌瘤”的荒诞案例，暴露出现有人才评价机制僵化的痼疾——连护士评职称都要论文凑数。这篇论文大概率出自“论文工厂”之手。“论文工厂”或通过“写手”代写、或通过人工智能软件生成，通过捏造数据、套用模板批量生产所谓“论文”，其实就是生产了一堆污染科研的学术垃圾。这些“论文”浪费大量社会资源，只有一个“用处”：满足学生毕业、专业人才职称晋升等的硬性指标。

本文提出了 Smart Detector，一种基于对比学习的恶意加密流量鲁棒检测方法。

本文提出了 Smart Detector，一种基于对比学习的恶意加密流量鲁棒检测方法。

A vulnerability was found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3. It has been classified as critical. Affected is an unknown function of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2020-2846. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2020-2847. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2020-2848. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3. This affects an unknown part of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2020-2849. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Depot Repair 12.1.1/12.1.2/12.1.3. This vulnerability affects unknown code of the component Estimate/Actual Charges. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2020-2850. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Document Management and Collaboration up to 12.2.9. This issue affects some unknown processing of the component Attachments. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2020-2885. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3. Affected is an unknown function of the component DBI Setups. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2020-2808. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 周三，英国网络安全负责人宣布，该国情报部门看到了“俄罗斯网络攻击与我们安全面临的现实威胁之间存在直接联系”。 英国国家网络安全中心（NCSC）负责人理查德·霍恩在曼彻斯特举行的CYBERUK会议上警告称，莫斯科的恶意行为者“正在实施破坏行为，常常在其阴谋中使用犯罪代理”。 霍恩表示，无论是NCSC还是国内安全机构军情五处（MI5），都看到来自俄罗斯的网络威胁在英国街头显现，针对英国的各行各业和企业，使民众生命、关键服务和国家安全面临风险。 他告诉CYBERUK会议的听众，信息安全界的作用“因此不仅仅是保护系统，更是保护我们的人民、经济和社会免受伤害”。 霍恩说，NCSC无法透露行动细节，但解释说“网络手段”为一系列威胁行为者提供了侦察能力以及“发起现实威胁的能力”。 此次警告是在一系列疑似俄罗斯策划的欧洲破坏事件之后发布的。去年，欧洲各国的安全机构和政府就这些威胁发出了警告，同时北约和欧盟均谴责俄罗斯“日益加剧”的破坏活动和混合行动。 上个月，英国警方宣布逮捕了一名罗马尼亚男子，该男子涉嫌协助俄罗斯军事情报机构实施一项阴谋，其中包括一枚爆炸装置在伯明翰的DHL物流仓库爆炸。 据信，2024年7月德国莱比锡的DHL物流链发生的一起火灾也是俄罗斯所为。德国安全部门表示，如果那枚寄往英国的包裹炸弹在航班上爆炸，可能会引发空难。 第三起事件发生在7月，地点是波兰首都华沙附近。据路透社报道，这些企图被认为是未来阴谋的“预演”，俄罗斯计划在跨大西洋飞往美国和加拿大的货运航班上在空中引爆爆炸装置。 据报道，这些装置被伪装成来自立陶宛的按摩机，内部含有镁基物质，这种物质燃烧时极具破坏性，可能导致飞机坠毁。 11月，立陶宛总统吉塔纳斯·纳乌斯的首席国家安全顾问克斯蒂托尼斯·布德里斯指责俄罗斯军事情报机构格鲁乌（GRU）策划了这些阴谋。其他西方安全官员也认同这一评估，《华尔街日报》对此进行了报道。 这一指控是在波兰国家检察官办公室证实7月逮捕了4名与藏有爆炸物的包裹相关的人员之后提出的，该办公室称这些包裹被认为是对飞往美国和加拿大航班发动攻击前的试运行。另一名涉嫌在立陶宛邮寄这些包裹的男子于9月被捕。     消息来源：therecord.media； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 美国网络安全局（CISA）、联邦调查局（FBI）、环境保护局（EPA）和能源部（DoE）于周二发布警报，警告针对美国石油和天然气行业的网络攻击。 政府机构表示，这些攻击利用了基本的入侵技术，但关键基础设施组织内部糟糕的网络安全卫生状况可能导致中断甚至物理损坏。 “CISA越来越意识到一些不太复杂的网络行为者正在针对美国关键基础设施部门（石油和天然气）内的工业控制系统/监控与数据采集系统（ICS/SCADA），特别是在能源和交通系统中，”网络安全机构指出。 CISA所指的不太复杂的威胁行为者很可能是黑客行动主义团体——或者声称自己是黑客行动主义者的黑客。近年来，许多此类团体针对暴露在互联网上且未受保护或使用默认密码的SCADA及其他ICS系统发动了攻击。 尽管黑客的许多说法被夸大了，但工业网络安全专家经常警告说，这些攻击可能会产生重大影响。 在他们的警报中，CISA、FBI、EPA和DoE敦促关键基础设施组织“立即采取行动，改善其网络安全态势，以应对专门针对联网运营技术和ICS的网络威胁活动”。 为了抵御这些威胁，组织应确保运营技术（OT）系统不能直接从互联网访问，并确保通过虚拟专用网络（VPN）、强密码和防钓鱼多因素身份验证（MFA）安全地远程访问它们。 他们还应识别并立即更改默认密码，对关键系统实施网络分段，并确保能够手动操作OT系统。 此外，建议组织与相关实体合作，识别和解决在标准操作、默认产品配置或由系统集成商或托管服务提供商引入的可能配置错误。 “撰写机构建议关键基础设施组织定期与他们的第三方托管服务提供商、系统集成商和系统制造商沟通，这些实体可能能够提供系统特定的配置指导，以帮助他们确保运营技术的安全，”CISA、FBI、EPA和DoE指出。 CISA还建议关键基础设施组织审查并实施该机构近年来提供的资源，以帮助他们减少攻击面、实施网络分段、采用安全设计原则和防钓鱼MFA等。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文