Aggregator

A vulnerability labeled as critical has been found in Linux Kernel up to 5.19.1. The affected element is the function pxo_board of the component ARM. The manipulation results in denial of service. This vulnerability is identified as CVE-2022-50195. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.15.60/5.18.17/5.19.1. It has been rated as critical. This vulnerability affects the function tegra_slink_remove of the component spi. Performing manipulation results in improper update of reference count. This vulnerability was named CVE-2022-50192. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 5.18.17/5.19.1. This issue affects the function z_erofs_lzma_head of the component erofs. Executing manipulation can lead to state issue. The identification of this vulnerability is CVE-2022-50193. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.4.210/5.10.136/5.15.60/5.18.17/5.19.1. Impacted is the function for_each_available_child_of_node of the component soc. The manipulation leads to improper update of reference count. This vulnerability is referenced as CVE-2022-50194. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.60/5.18.17/5.19.1. This affects the function devm_add_action of the component spi. Such manipulation leads to improper update of reference count. This vulnerability is documented as CVE-2022-50190. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.19.1. It has been declared as critical. This affects the function of_get_regulation_constraints. Such manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2022-50191. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 5.10.136/5.15.60/5.18.17/5.19.1. Affected by this vulnerability is the function Open of the file kernel/time/timer.c of the component ath11k. The manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2022-50187. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.17/5.19.1 and classified as critical. Affected by this vulnerability is the function of_find_device_by_node. The manipulation results in improper update of reference count. This vulnerability is known as CVE-2022-50188. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.17/5.19.1. It has been classified as problematic. Affected by this issue is the function htc_tx_completion of the component ath11k. This manipulation causes memory leak. This vulnerability is handled as CVE-2022-50186. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 5.18.17/5.19.1. It has been declared as critical. This impacts the function of_graph_get_remote_node. Executing manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2022-50183. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.60/5.18.17/5.19.1. It has been rated as critical. Affected is the function of_graph_get_remote_node. The manipulation leads to improper update of reference count. This vulnerability is listed as CVE-2022-50184. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 5.19.1 and classified as critical. Affected is the function ni_set_mc_special_registers. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2022-50185. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.15.60/5.18.17/5.19.1. It has been classified as problematic. This affects an unknown function of the component imx-jpeg. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2022-50182. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

HackerNews 编译，转载请注明出处： 一款基于 Mirai 的新型僵尸网络 ShadowV2，在 10 月亚马逊云服务中断期间短暂针对易受攻击的物联网设备发起攻击，此次行动很可能是一次测试运行。 10 月下旬 AWS 服务中断期间，飞塔实验室研究人员发现，基于 Mirai 的 ShadowV2 恶意软件在多个国家和行业中利用物联网漏洞发起攻击。该僵尸网络仅在服务中断期间活跃，表明其目的是为未来攻击进行测试。ShadowV2 针对多款产品的漏洞攻击物联网设备，涉及厂商及对应漏洞编号包括：DDWRT（CVE-2009-2765）、友讯（D-Link，CVE-2020-25506、CVE-2022-37055、CVE-2024-10914、CVE-2024-10915）、DigiEver（CVE-2023-52163）、TBK（CVE-2024-3721）、普联（TP-Link，CVE-2024-53375）。 该僵尸网络的攻击目标覆盖全球多个国家： 大洋洲：澳大利亚 美洲：加拿大、美国、墨西哥、巴西、玻利维亚、智利 欧洲：英国、荷兰、比利时、法国、捷克、奥地利、意大利、克罗地亚、希腊 非洲：摩洛哥、埃及、南非 亚洲：土耳其、沙特阿拉伯、俄罗斯、哈萨克斯坦、中国、泰国、日本、中国台湾地区、菲律宾 飞塔报告显示，受害行业包括科技、零售与酒店、制造业、托管安全服务提供商、政府机构、电信运营商及教育行业等。 ShadowV2 通过多个物联网漏洞传播，从 IP 地址 81 [.] 88 [.] 18 [.] 108 下载名为 binary.sh 的下载器脚本。 该恶意软件与 Mirai 的 LZRD 变种存在相似性，使用异或密钥 0x22 解码配置信息，并加载攻击路径、请求头和用户代理字符串（User-Agent）。在解析命令与控制（C2）域名后，它会连接至 81 [.] 88 [.] 18 [.] 108，并标识自身为 “面向物联网的 ShadowV2 Build v1.0.0”。随后，它会初始化多种 UDP、TCP 和 HTTP 洪水攻击方法，等待 C2 服务器下发指令，并根据接收的参数发起分布式拒绝服务（DDoS）攻击。 飞塔发布的报告指出：“ShadowV2 支持两种传输层协议（UDP 和 TCP）及 HTTP 应用层协议，实现的攻击方法包括 UDP 洪水、多种 TCP 洪水及 HTTP 层洪水。恶意软件将这些行为映射为内部函数名，例如 UDP、UDP Plain（UDP 明文）、UDP Generic（UDP 通用型）、UDP Custom（UDP 自定义型）、TCP、TCP SYN（TCP 同步包）、TCP Generic（TCP 通用型）、TCP ACK（TCP 确认包）、TCP ACK STOMP（TCP 确认包压制）及 HTTP 攻击。它持续监听 C2 服务器的命令，通过对应的攻击方法 ID 和参数触发 DDoS 攻击。” ShadowV2 的出现表明，物联网设备仍是重大安全薄弱环节。其演化趋势显示，威胁行为者正日益聚焦物联网环境。 报告总结道：“ShadowV2 的演化表明，威胁行为者的攻击目标已出现向物联网环境转移的战略转变。这凸显了及时更新固件、推行严格安全实践、持续监控相关威胁情报的重要性 —— 唯有如此，才能提升整体安全态势感知能力，确保物联网生态系统的抗攻击韧性。”   消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 威胁行为者被发现操纵数字日历订阅基础设施，用于分发有害内容。 日历系列订阅功能允许第三方直接向设备添加事件并推送通知，例如零售商分享促销日期、体育协会更新赛事日程等合法场景。 但网络安全公司 BitSight 的最新研究显示，正因为这类订阅支持第三方服务器直接添加事件，威胁行为者已搭建虚假基础设施，诱骗用户订阅恶意通知。这些恶意日历订阅通常托管在过期或被劫持的域名上，可被用于大规模社会工程学攻击。 一旦用户订阅成功，攻击者便能推送包含恶意内容的日历文件（如恶意链接、附件），引发的风险包括钓鱼攻击、恶意软件分发、JavaScript 代码执行，甚至利用人工智能助手等新兴技术实施新型攻击。 Sinkhole 研究发现 347 个可疑日历域名 BitSight 的研究始于一个被 “Sinkhole（沉洞）” 接管的域名 —— 该域名每日记录到 1.1 万个独立 IP 地址的访问请求。沉洞技术是网络安全研究中的常用手段，通过将恶意流量从目标地址重定向至受控环境（即沉洞服务器），以实现流量监测与分析。 这个初始沉洞域名原本是一个日历服务器，用于分发德国公共假期及学校假期的 ICS 格式日历文件。BitSight 研究人员表示：“这引起了我们的注意 —— 一个提供德国假期 ICS 文件的域名，为何会处于可被滥用的状态？” 随着调查范围扩大，研究团队又发现 347 个相关可疑域名（涉及 2018 年国际足联世界杯赛事、伊斯兰 Hijri 日历等主题）。这些域名每日累计接收约 400 万个独立 IP 地址的访问请求，其中美国地区的访问量占比最高。 BitSight 团队在沉洞数据中识别出两类同步请求，这强烈表明这些访问并非新订阅行为，而是来自先前已订阅日历的后台同步请求。研究人员指出：“这意味着，任何接管或注册这些过期域名的攻击者，都能通过推送定制化 ICS 日历文件，在用户设备中添加恶意事件。” 日历订阅成被忽视的安全盲点 该网络安全公司强调，此次研究并未发现谷歌日历（Google Calendar）或 iCalendar 协议存在漏洞，安全风险的核心源于第三方日历订阅服务。尽管苹果、谷歌等平台提供商已在生态安全防护方面取得显著进展，但 BitSight 的研究结果表明，即便其他领域的安全防护已相当完善，日历订阅滥用这类新兴风险仍可能未得到充分应对。 报告结论指出：“针对日历订阅的安全意识与防护措施应进一步强化 —— 尤其是相较于监控严密、防护完善的电子邮件系统，当前日历订阅的安全防护失衡，已在个人与企业安全体系中形成危险盲点。”   消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Виртуальные валюты — не деньги, а любые операции с ними в Китае остаются риском не только для кошелька, но и для свободы.

In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how misunderstandings about MCP’s runtime behavior, governance, and identity requirements can create exposure. With MCP usage expanding across organizations, well-defined controls and a correct understanding of the protocol become necessary. What aspects of MCP’s trust model … More →

The post Treating MCP like an API creates security blind spots appeared first on Help Net Security.

Name: Ukrainian National CTF (an Ukrainian National CTF event.)
Date: Nov. 20, 2025, midnight — 01 Dec. 2025, 00:00 UTC  [add to calendar]
Format: Hack quest
On-line
Offical URL: https://hackenproof.com/gur-national-ctf-en
Rating weight: 0
Event organizers: Hacken Proof

Name: HeroCTF v7 (an HeroCTF event.)
Date: Nov. 28, 2025, 8 p.m. — 30 Nov. 2025, 22:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.heroctf.fr/
Rating weight: 65.00
Event organizers: HeroCTF