Vulnerability Report - January 2025
With significant improvements in gathering sightings and vulnerability information in recent weeks, vulnerability-lookup has become a great resource for automatically generating vulnerability threat landscape reports.
The tooling is open source, and you can reuse it, extend it to add your own sources or sightings, or improve it.
We have many ideas for the vulnerability-lookup project and we welcome new contributors.
#cve #opensource #threatintelligence #threatintel #vulnerability #vulnerabilities #fosdem #fosdem2025 #fosdem25
Report: https://www.vulnerability-lookup.org/2025/02/01/vulnerability-report-january-2025/
Open source code: https://github.com/vulnerability-lookup/vulnerability-lookup
Online version: https://vulnerability.circl.lu/
GitHub org: https://github.com/vulnerability-lookup
The project team will also be present at hackathon.lu (April 8th and 9th, 2025 in Luxembourg) https://hackathon.lu/projects/#vulnerability-lookup
@circl @cedric
A new open-source security project "cocktail party" joined the hackathon.lu event, a two-day in-person hackathon held in Luxembourg on April 8th and 9th, 2025.
Feel free to join us with your open-source security project!
https://github.com/flowintel/CocktailParty
https://hackathon.lu/
#hackathon #opensource #luxembourg #cybersecurity
AIL Project v6.0.1 released with improved usability in social network monitoring and many bugs fixed.
#opensource #osint #darkweb #threatintelligence #threatintel
https://ail-project.org/blog/2025/01/23/AIL-v6.0.1.released/
@ail_project
Interesting approach to CVE allocation: announcing End-of-Life (EOL) versions of Node.js. I haven't noticed this practice before.
Not entirely sure about the objective. Does this mean the Node.js team plans to restrict CVE creation for older, unmaintained versions of Node.js?
#nodejs #cve #vulnerability #infosec #cybersecurity
https://vulnerability.circl.lu/vuln/cve-2025-23089
This 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity. We aim to convene diverse developer groups to collaborate on complex programming challenges within key cybersecurity areas, such as information sharing, threat intelligence, network and system forensics, data mining, network and computer exploitation, and defense techniques.
Don't hesitate to join us. We are open to any ideas or proposals.
@circl @misp @kunai_project @suricata @vulnerability_lookup @ail_project
https://hackathon.lu/
#hackathon #opensource #cybersecurity #threatintel #luxembourg
Many assume that an onion address with a strange name and a leak always belongs to a threat actor. But sometimes, it's just a frustrated security researcher sharing findings to push for fixing vulnerable infrastructure.
#vulnerability #leak #infosec
Six vulnerabilities were discovered in the rsync server, including one critical flaw that allows remote code execution (RCE) on the server. Anonymous rsync servers are affected.
https://vulnerability.circl.lu/bundle/d938dc28-6877-40db-ad5f-25f3051288e6
#rsync #vulnerability #vulnerabilities #cve #cybersecurity #infosec
After years of discussions about sovereignty at the EU level regarding CPUs and GPUs, we are now seeing the consequences of the lack of proactive action on this critical issue.
You can't leverage AI effectively if you lack access to the essential hardware needed to achieve your objectives.
https://www.euractiv.com/section/tech/news/biden-divides-eu-with-new-ai-chip-export-controls/
#eu #europe #semiconductors
SonicWall (SonicOS) vulnerabilities.
SonicOS SSLVPN Authentication Bypass Vulnerability. CVE-2024-53704 does not sound very good, but the others seem quite critical too.
Bundle created in @vulnerability_lookup from an imgur reference.
https://vulnerability.circl.lu/bundle/602ffeaf-2425-48cc-967c-0efad9629dd0
#sonicwall #sonicwallvpn #vulnerability #vulnerabilities
Since complaining seems to be the trend in infosec, here's mine: I don't like the pyramid of pain.
Why? Because it gives the impression that some selectors or indicators are less valuable than others. This can lead analysts to skip or avoid certain indicators, mistakenly treating the pyramid of pain as a definitive guide to what is valuable in threat intelligence.
#threatintel #infosec #cybersecurity #rant
CVE-2024-49112 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.
A crashing PoC has been published.
#ldap #microsoft #vulnerability #vulnerabilities #cybersecurity
PoC: https://github.com/Dliv3/CVE-2024-49112 (I didn't test it, so review it)
https://vulnerability.circl.lu/vuln/CVE-2024-49112#sightings
https://www.zerodayinitiative.com/blog/2024/12/10/the-december-2024-security-update-review (ZDI PoV)
Is Palo Alto actually scanning for their compromised and vulnerable customers? At least from the logs on one of my servers, there is a log entry for a GET HTTP request with a peculiar User-Agent.
To be honest, it would have been a positive step to see vendors actively scanning and notifying their customers.
Maybe they should team up with @shadowserver to perform it at a larger scale?
#paloalto #cybersecurity #vulnerability #networkscanning
The new sighting map in vulnerability-lookup provides valuable insights into vulnerability activity trends.
Thanks to @cedric for the hard work testing all the graphical libraries and ultimately choosing a simple, efficient infovis approach.
https://vulnerability.circl.lu/
https://www.vulnerability-lookup.org/
#infovis #infosec #cybersecurity #cve #vulnerability
Recommendations on "Naming Threat Actors" provides advice on the naming of threat actors (also known as malicious actors). The objective is to provide practical advice for organizations such as security vendors or organizations attributing incidents to a group of threat actors. It also discusses the implications of naming a threat actor for intelligence analysts and threat intelligence platforms such as MISP.
https://www.misp-standard.org/rfc/threat-actor-naming.html
https://www.misp-galaxy.org/threat-actor/
#cybersecurity #opensource #threatintelligence #threatintel #standard
@misp
This 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity.
#hackathon #opensource #cybersecurity #collaboration #cti #threatintel
https://hackathon.lu/2024/12/24/hackathon.lu-2025-announced/
It seems that @Ransomlook is now available via Tor
http://ransomlookumjrc6erzqn467lkcu2t5h4enjzfigvsxrrktxicysi2yd.onion/
with a nice vanity domain ;-)
#ransomware #ransomlook #tor #cybersecurity
One thing's clear: if you send an abuse notification to NiceNIC, it ends up being really 'nice' for the criminals.
This reminded me of an idea for proxy filtering: filtering based on the domain registrar. Another practical use case for the WHOIS history database.
Is there an open and public list of the worst registrars?
#networksecurity #whois #whosis #cybersecurity #abusehandling #csirt
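The registrar-based proxy filter sketched in the post above, as an added example in Python that is not part of the original post. The WHOIS history table, the registrar names, the dates and the 60-day transfer window are all constructed assumptions; the point is that a WHOIS history (not just the current record) lets the filter both deny by registrar and flag recently transferred domains for review.

```python
# Added example (not from the original post): a minimal proxy allow/deny
# decision keyed on the domain's registrar, driven by a WHOIS *history*
# table rather than a single current lookup. All data below is constructed.
from datetime import date

# Constructed WHOIS history: domain -> [(record_date, registrar)], oldest first.
WHOIS_HISTORY = {
    "example-shop.com": [(date(2021, 3, 1), "Reputable Registrar Ltd")],
    "pay-now-login.net": [
        (date(2023, 6, 10), "Reputable Registrar Ltd"),
        (date(2025, 1, 5), "NiceNIC"),  # transferred to a denied registrar
    ],
    "cdn-assets.org": [(date(2019, 9, 20), "NiceNIC")],
    "new-brand.io": [
        (date(2022, 1, 1), "Reputable Registrar Ltd"),
        (date(2025, 1, 10), "Other Registrar Inc"),  # recent, not denied
    ],
}

# Placeholder deny list: in practice build it from your own abuse-handling data.
DENIED_REGISTRARS = {"NiceNIC"}

# Domains transferred within this many days are flagged for review even when
# the new registrar is not denied, since sudden transfers often precede abuse.
RECENT_TRANSFER_DAYS = 60

# Fixed "now" so the example is reproducible offline (constructed).
TODAY = date(2025, 1, 20)


def registrar_verdict(domain: str, today: date = TODAY) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'deny' or 'review'."""
    history = WHOIS_HISTORY.get(domain.lower().rstrip("."))
    if not history:
        # Unknown domain: route to 'review' rather than silently deny, so a gap
        # in the WHOIS database does not block legitimate traffic unnoticed.
        return "review", "no WHOIS history for domain"
    latest_date, latest_registrar = history[-1]
    if latest_registrar in DENIED_REGISTRARS:
        return "deny", f"current registrar {latest_registrar} is on the deny list"
    if len(history) > 1 and (today - latest_date).days <= RECENT_TRANSFER_DAYS:
        previous = history[-2][1]
        return "review", f"transferred from {previous} to {latest_registrar} on {latest_date}"
    return "allow", f"registrar {latest_registrar} is not denied"


def filter_requests(domains, today: date = TODAY) -> dict[str, str]:
    """Apply registrar_verdict to a batch of requested domains."""
    return {d: registrar_verdict(d, today)[0] for d in domains}
```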
If your adversary has less bureaucracy than your organisation, the adversary is most probably winning.
#bureaucracy #cybersecurity
I'm genuinely impressed by the growing focus on developing better open-source security tools and intelligence within the EU, particularly for the defense sector, reducing reliance on companies and organizations outside the region. We are slowly but surely getting there if the focus remains for the coming years!
#eu #opensource #infosec
Ever wonder why we build our own open-source tools? It's often to tackle unique challenges other tools can't handle.
In this case, we needed to track and monitor CVEs (Common Vulnerabilities and Exposures), especially proof-of-concept (PoC) discussions emerging on social networks like Telegram. We're automating the monitoring of these channels, but our goal is to empower analysts, not burden them with manual work.
Check out (annotated screenshots below) how we developed and are using the AIL Project @ail_project to automatically:
The AIL Project (@ail_project) is an open-source project combining extensive integration with the MISP Project @misp and other open-source tooling that we have developed over the past years.
#opensource #ailproject #darkweb #vulnerability #vulnerabilities #poc #cybersecurity