Aggregator
Pro-Ukrainian Hackers Attack Russia's Investment Projects, Taking Platform Offline for Days
8 months 3 weeks ago
The article describes the meaning of error code 521 and its common causes, and provides corresponding solutions.
Pro-Ukrainian Hackers Attack Russia's Investment Projects, Taking Platform Offline for Days
8 months 3 weeks ago
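Compiled by HackerNews; please credit the source when reposting: Russian investment analysis platform Investment Projects was attacked earlier this week by a pro-Ukrainian hacker group. As of August 21, the platform's website was still down. The platform said in a statement that it is working to restore its infrastructure and has notified national regulators of the incident. A hacker group calling itself Cyber Anarchy Squad claimed responsibility for the attack. The group claims to have partially destroyed the platform's infrastructure, obtained internal databases and employee documents, and published a large number of allegedly stolen files. Recorded Future News has so far been unable to independently verify the authenticity of the leaked materials. Cyber Anarchy Squad said the data leak was intended to pressure regulators into fining the platform. Under Russian law, companies face fines of up to 20,000 rubles (about $250) for failing to protect customer data. Investment Projects mainly promotes and analyzes large Russian projects spanning industrial, civil and transport construction, and is operated by PKR Group. Its investors and clients include well-known companies such as Russian engineering group Konar, mining giant Norilsk Nickel, agricultural company Rusagro and private airline S7 Airlines. In response to the attack, the platform said: "The enemy is trying to weaken the economy and industry by destroying Russian service platforms, but we will ultimately become stronger." Cyber Anarchy Squad has been active since around 2022 and is known for attacking Russian and Belarusian organizations; previous victims include telecom provider Infotel, cybersecurity company Avanpost and government-linked entities. The group promotes its operations through a Telegram channel. Although the actual impact of this attack remains unclear, such incidents typically lead to reputational damage, high recovery costs and potential regulatory fines. Source: therecord; translated and compiled by HackerNews.cc, cover image from the internet; when reposting, please state "Reposted from HackerNews.cc" and attach the original text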
hackernews
SIM-Swapper, Scattered Spider Hacker Gets 10 Years
8 months 3 weeks ago
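A 20-year-old Florida man was sentenced to 10 years in prison and ordered to pay $13 million in restitution for his part in the cybercrime group "Scattered Spider," stealing funds through SIM-swapping attacks and breaking into the systems of multiple companies.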
ISC Stormcast For Thursday, August 21st, 2025 https://isc.sans.edu/podcastdetail/9580, (Thu, Aug 21st)
8 months 3 weeks ago
The ISC Stormcast podcast was published on August 21, 2025; the handler on duty was Xavier Mertens, and the current threat level is green.
From Ladders to Lattices: Redesigning Career Growth
8 months 3 weeks ago
Workers Reject Traditional Advancement for Flexible, Purpose-Driven Career Paths
In 2025, professionals are abandoning the traditional career ladder for lateral moves and purpose-driven roles. Employers must adapt their advancement models or risk losing top talent, especially in critical fields like cybersecurity where flexibility matters most.
McFlaw: Hacker Breaches McDonald's Portal With URL Trick
8 months 3 weeks ago
Hacking Was the Easy Part, Notifying McDonald's the Extremely Difficult Bit
A security researcher gained access to McDonald's global marketing portal by changing a single word in its URL, uncovering a slew of additional vulnerabilities. The hard part was notifying the burger giant about the flaws, says self-described ethical hacker "BobDaHacker."
Drug R&D Firm's IT, Data Encrypted in Alleged Qilin Attack
8 months 3 weeks ago
Inotiv Inc. Tells SEC Some Business Operations Disrupted, No Recovery Date in Sight
Inotiv, a drug research and development firm, told federal regulators that it's been dealing with a cyberattack since Aug. 8 that has encrypted some IT systems and data, and is disrupting certain business operations. Ransomware gang Qilin has listed the company as a victim on its dark website.
Anthropic Tests Safeguard for AI 'Model Welfare'
8 months 3 weeks ago
Claude Models May Shut Down Harmful Chats in Some Edge Cases
Anthropic introduced a safeguard to its Claude artificial intelligence platform that allows certain models to end conversations in cases of persistently harmful or abusive interactions. The company said it's doing so not to protect human users, but as a way to mitigate risks to the models.
Russian Hackers Accused in Wave of Water Sector Cyberattacks
8 months 3 weeks ago
Successful Breaches Renew Fears of Operational Vulnerabilities Across Water Sector
Russia is suspected of escalating cyberattacks on European water utilities, including attempts to sabotage Polish and Norwegian water facilities and dams, signaling a broader threat to global critical infrastructure as state-backed actors exploit critical OT weaknesses amid global conflict.
Samsung to Launch 8TB Version of 9100 Pro SSD on September 2, Using PCIe 5.0 With 14,800 MB/s Read Speed
8 months 3 weeks ago
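Samsung will launch the 9100 Pro 8TB SSD on September 2. Based on the PCIe 5.0 protocol, it offers read speeds of up to 14,800 MB/s and write speeds of up to 13,400 MB/s. This version is priced at about RMB 8,225 (with heatsink) and is suited to gamers and professionals.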
From a State-Owned Enterprise's Name to Taking Over the Alibaba Cloud Console and Database
8 months 3 weeks ago
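The article describes a security test in which information gathering, vulnerability exploitation and heapdump analysis were used to obtain sensitive information, leading to a successful takeover of the Alibaba Cloud console and an inspection of the contents of minio storage buckets.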
Belgian Telecom Giant Hacked, Data of 850,000 Accounts Leaked
8 months 3 weeks ago
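Error code 521 is usually raised by Cloudflare and indicates that the origin server cannot be reached or is not responding. Common causes include network configuration problems or server failure. Remedies include checking the origin server's status, confirming firewall settings and network connectivity, and contacting the relevant technical support to troubleshoot the fault.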
Belgian Telecom Giant Hacked, Data of 850,000 Accounts Leaked
8 months 3 weeks ago
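Compiled by HackerNews; please credit the source when reposting: Belgian telecom operator Orange disclosed on August 21 that a cyberattack discovered at the end of July led to the exposure of data from 850,000 customer accounts. The Belgian subsidiary stated that "no critical data was compromised: passwords, email addresses, and banking or financial information were not obtained by the hackers," but warned: "The hackers gained access to an IT system containing the following data: name, telephone number, SIM card number, PUK code and tariff plan." The company explained that the PUK code (personal unlocking key) is an 8-digit security code that can be used to unlock a SIM card when a customer enters the wrong PIN multiple times. The company did not immediately respond to questions about the timing of the incident's discovery and disclosure, but said in its statement that after discovering the problem its teams "immediately blocked access to the affected system and strengthened security measures." The statement added: "Orange Belgium has reported the matter to the relevant authorities and filed a formal complaint with the judicial authorities." Before this attack, its parent company, Orange Group, had discovered a cyberattack affecting internal systems on July 25. At the time, Orange Group said there was no evidence that customer data had been stolen. Orange did not say whether the two incidents are related, nor did it update its earlier statement. The specific nature of both attacks has not been made public. According to the official statement, affected customers will be notified by SMS and email, and are urged to be alert to the phishing risks described on a dedicated web page. Source: therecord; translated and compiled by HackerNews.cc, cover image from the internet; when reposting, please state "Reposted from HackerNews.cc" and attach the original text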
hackernews
CVE-2024-3738 | cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/saveCmd handlePath nginxPath certificate validation (Issue 138)
8 months 3 weeks ago
A vulnerability categorized as critical has been discovered in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. Such manipulation of the argument nginxPath leads to improper certificate validation.
This vulnerability is documented as CVE-2024-3738. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2024-3739 | cym1102 nginxWebUI up to 3.9.9 /adminPage/main/upload File os command injection (Issue 138)
8 months 3 weeks ago
A vulnerability identified as critical has been detected in cym1102 nginxWebUI up to 3.9.9. This impacts an unknown function of the file /adminPage/main/upload. Performing manipulation of the argument File results in os command injection.
This vulnerability is reported as CVE-2024-3739. The attack can be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2024-3740 | cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/reload exec nginxExe deserialization (Issue 138)
8 months 3 weeks ago
A vulnerability labeled as critical has been found in cym1102 nginxWebUI up to 3.9.9. Affected is the function exec of the file /adminPage/conf/reload. Executing manipulation of the argument nginxExe can lead to deserialization.
This vulnerability appears as CVE-2024-3740. The attack may be performed from a remote location. In addition, an exploit is available.
vuldb.com
CVE-2024-4255 | Ruijie RG-UAC up to 20240419 gre_edit_commit.php Name os command injection
8 months 3 weeks ago
A vulnerability categorized as critical has been discovered in Ruijie RG-UAC up to 20240419. This vulnerability affects unknown code of the file /view/network Config/GRE/gre_edit_commit.php. Executing manipulation of the argument Name can lead to os command injection.
The identification of this vulnerability is CVE-2024-4255. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-6184 | Ruijie RG-UAC 1.0 reboot_commit.php servicename os command injection
8 months 3 weeks ago
A vulnerability was found in Ruijie RG-UAC 1.0 and classified as critical. The affected element is an unknown function of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename results in os command injection.
This vulnerability is cataloged as CVE-2024-6184. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-6186 | Ruijie RG-UAC 1.0 commit.php ad_log_name os command injection
8 months 3 weeks ago
A vulnerability was found in Ruijie RG-UAC 1.0. It has been declared as critical. This affects an unknown function of the file /view/userAuthentication/SSO/commit.php. Such manipulation of the argument ad_log_name leads to os command injection.
This vulnerability is documented as CVE-2024-6186. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com