Aggregator

A vulnerability was found in Mozilla Firefox and Thunderbird. It has been classified as problematic. Affected by this issue is some unknown functionality of the component SVG Event Handler. This manipulation causes cross site scripting. This vulnerability appears as CVE-2020-26956. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.1. This affects an unknown function of the component nfs_common. This manipulation causes improper locking. The identification of this vulnerability is CVE-2024-56743. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.136/5.15.60/5.18.17/5.19.1 and classified as critical. Impacted is the function nf_tables of the component netfilter. Performing manipulation results in use after free. This vulnerability is reported as CVE-2022-50212. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.7.5. Affected is the function rm3100_common_probe of the component magnetometer. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2024-26702. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

记一次javaMelody未授权漏洞的利用

文章描述了错误代码521的含义及其常见原因。该错误通常由Cloudflare引发，表示服务器暂时无法处理请求。可能的原因包括服务器过载、配置问题或网络连接不稳定。解决方法包括检查服务器状态、优化配置或联系服务提供商以排除故障。

HackerNews 编译，转载请注明出处： 美国司法部宣布从涉嫌勒索软件运营者Ianis Aleksandrovich Antropenko处查获逾280万美元加密货币。Antropenko在德克萨斯州被起诉，罪名包括计算机欺诈和洗钱，其犯罪活动关联现已停止运营的Zeppelin勒索软件（2019至2022年间活跃）。除数字资产外，当局还扣押7万美元现金及一辆豪华汽车。 “Antropenko使用Zeppelin勒索软件攻击全球范围内的个人、企业及组织（包括美国境内目标）”，司法部声明指出，“具体而言，Antropenko及其同伙会加密并窃取受害者数据，通常以解密数据、避免公开或承诺删除数据为条件勒索赎金”。 收到赎金后，Antropenko试图通过混币服务ChipMixer洗钱（该服务于2023年3月被当局查封）。其他洗钱手段包括加密货币兑现金交易及结构化存款（将大额资金拆分为小额存款以规避银行监管）。 Zeppelin勒索软件于2019年末作为VegaLocker/Buran勒索软件变种出现，通过利用MSP软件漏洞攻击医疗和IT企业。2021年沉寂后重启攻击，但后续攻击的加密方案显示出技术缺陷。至2022年11月该组织基本停止活动——当时曝光的安全研究显示，Unit221b团队自2020年初就掌握免费解密密钥可协助受害者恢复文件。2024年1月有消息称Zeppelin勒索软件源代码在某黑客论坛以500美元价格出售。 针对Antropenko的起诉表明，即使网络犯罪活动已停止多年，证据仍能揭露攻击者身份。此次280万美元赃款扣押行动，延续了美国当局近期打击勒索软件的系列举措（包括从BlackSuit勒索软件查获100万美元加密货币、从Chaos勒索软件查获240万美元比特币）。 在无法实施逮捕的案件中，查没犯罪所得对打击勒索软件至关重要——此举能有效阻止运营者及关联方利用资金重建基础设施或招募新成员。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Linux Kernel up to 5.0.9 and classified as critical. This affects the function mmget_not_zero/get_task_mm of the file fs/userfaultfd.c of the component Coredump. The manipulation results in race condition. This vulnerability was named CVE-2019-11599. The attack needs to be approached locally. In addition, an exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.0.9. Affected is the function mmget_not_zero/get_task_mm of the component Fix CVE-2019-11599. Performing manipulation results in improper locking. This vulnerability was named CVE-2019-14898. The attack needs to be approached locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Server up to 5.7.34/8.0.25. It has been declared as critical. The impacted element is an unknown function of the component InnoDB. Executing manipulation can lead to denial of service. The identification of this vulnerability is CVE-2021-2390. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle MySQL Client up to 8.0.19. The impacted element is an unknown function of the component C API. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2021-2006. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.1. This vulnerability affects the function bfq_release_process_ref. Executing manipulation can lead to use after free. This vulnerability is tracked as CVE-2024-53182. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.10.87/5.15.10. This impacts the function renoir_init_smc_tables. Executing manipulation can lead to memory leak. This vulnerability is handled as CVE-2021-4453. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

文章指出HTTP/1.1协议存在严重设计缺陷，导致解析差异攻击频繁发生，使数百万网站面临接管风险。尽管过去六年中进行了多次修复尝试，但问题仍未解决。作者开发了开源工具检测漏洞，并通过实际案例展示了攻击的严重性。最终强调HTTP/2是解决这一问题的长期方案，并呼吁淘汰HTTP/1.1。

这篇文章详细解释了错误代码521的成因及其对网站的影响，并提供了有效的解决方法。

HackerNews 编译，转载请注明出处： 美国财政部宣布对俄罗斯加密货币交易所Garantex的继任平台Grinex实施制裁。此前Garantex因协助勒索软件团伙洗钱已被制裁过。 TRM Labs四月发布的报告显示，Grinex与Garantex既往运营存在紧密关联，但未提供其用于非法交易的证据。2025年3月初美国当局查封Garantex域名后（该平台处理了价值1亿美元的非法交易并为网络犯罪团伙洗钱），与Garantex相关的Telegram频道迅速开始推广Grinex。Garantex管理人员Aleksandr Mira Serda和Aleksej Besciokov随后被起诉，其中Besciokov在印度度假期间被捕。 Garantex早在2022年4月就因关联暗网市场及网络犯罪团伙遭美国财政部海外资产控制办公室（OFAC）制裁，涉及对象包括暗网市场Hydra、臭名昭著的Conti勒索软件即服务（RaaS）组织，以及Black Basta、LockBit、NetWalker、Ryuk和Phoenix Cryptolocker等勒索软件团伙。 “2025年3月6日美国特勤局主导执法行动后，Garantex高管立即搭建新基础设施转移客户资金至Grinex”，OFAC周四声明称，“Grinex宣传材料明确表示，该交易所是为应对Garantex遭制裁和资产冻结而成立，其运营以来已处理数十亿美元加密货币交易”。 昨日，OFAC还重启对Garantex的制裁，并新增制裁其三位联合创始人（Sergey Mendeleev、Aleksandr Mira Serda和Pavel Karavatsky）及六家俄吉两国合作企业（包括InDeFi Bank、Exved、Old Vector、A7、A71和A7 Agent），指控他们与两家受制裁加密交易平台存在关联。 美国国务院周四宣布，对提供线索促成Garantex高管逮捕或定罪者，最高奖励600万美元。财政部反恐和金融情报事务副部长John K. Hurley强调：“利用加密货币交易所洗钱和协助勒索软件攻击不仅威胁国家安全，更损害合法虚拟资产服务提供商的声誉”。 美国国务院数据披露，2019年4月至2025年3月间，Garantex处理的加密货币交易总额超960亿美元。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

彭博社称美国政府正与英特尔商讨股权收购事宜，通过注资扶持其扩张芯片制造。此举旨在支持英特尔发展先进半导体技术，并加速其在美国俄亥俄州建设全球最大芯片工厂的计划。

本文介绍如何使用Debezium Connect实现MySQL到MySQL的CDC（变更数据捕获），版本为Kafka 4.0.0和Debezium 3.2.1.Final。步骤包括配置Kafka集群、创建connect-distributed主题、设置source和sink MySQL实例、创建heartbeat表，并通过Confluent Hub安装JDBC插件以实现数据同步。

文章探讨了如何通过人工智能技术提升客户服务效率和客户体验，强调了个性化服务和数据分析的重要性。