cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, and questions are all welcome!


founded 2 years ago

Just released #BurpAnonymizer, a Burp Suite extension that redacts PII, credentials, tokens and other sensitive data from HTTP requests/responses.

With one click, safely share requests and responses in reports, presentations, team reviews, or AI workflows, without exposing secrets, while minimizing manual redactions.

🔗 Explore it here: https://github.com/sv1sjp/BurpAnonymizer

#CyberSecurity #BurpSuite #AppSec #Privacy #SecurityTools #web PortSwigger

cpe-guesser 2.0 released (www.vulnerability-lookup.org)
submitted 10 hours ago by cm0002@literature.cafe to c/cybersecurity

Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked in real time through an officer’s activity on the Strava app. A sailor unknowingly shared running data from the ship, exposing its location in the Mediterranean. The French sailor’s public Strava profile, set as “public,” revealed the near real-time location of the aircraft carrier in the Mediterranean, near Cyprus and Turkey.


cross-posted from: https://infosec.pub/post/43738524

Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much

Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.…


It is our honour to announce the release of Vulnerability-Lookup 4.2.0!

This version brings a large number of new CSAF-based vulnerability advisory sources, improvements to the web interface, and several bug fixes.

What's New

New CSAF-based sources

As the number of GNA keeps growing and the interest around the GCVE-EU initiative increases, these UI improvements and filtering capabilities are becoming essential to efficiently explore the various available sources.

Below is the list of CSAF-based sources available by default. You can enable or disable each feeder via the config/modules.cfg configuration file. The display in the web interface is also configurable through the config/website.py configuration file.

Improvements

  • Enriched CSAF view
    The generic CSAF view now includes severity, vulnerabilities, references, and acknowledgments.
    d528da8

  • Enriched OSV view
    Added severity and references to the generic OSV view.
    65de73e

  • Date published in CVE records
    If known, the datePublic field of CVE records is now displayed.
    861a082

  • Boost recent sightings enabled by default
    The boost recent sightings switch is now checked by default.
    4eed4c4

  • New source argument for the full-text indexer
    Added a source argument to the indexer for more targeted indexing.
    d4e6e1f

  • Less verbose indexing
    Reduced the verbosity of the full-text search indexing process.
    a563dff

  • Configuration improvements
    Reorganized the default SOURCES_TO_SHOW config variable and updated the sample website.py configuration with examples for the new configuration options.
    f699400, 6e8fb6c

  • Documentation updates
    Various improvements to the documentation, including GCVE publication as a GNA and Known Exploited Vulnerabilities Catalogs.
    58a4d83, 143f5f5, 1f6d6d3, 52c774f

  • Updated Python dependencies
    6e30dc2

Fixes

  • Fixed incorrect vulnerability ID passed in various Jinja macros. cf1b209
  • Fixed the default product option so the form correctly re-submits its value when changing sort/order controls. 7373f8f
  • Suppressed spurious config warnings for disabled features. c82e911
  • Fixed a variable shadowing issue in parse_vuln_payload() where the local source variable was overriding the function parameter. cb03721

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.2.0

🙏 Thank you to all contributors and testers!

Special thanks to Raphaël Vinot for adding the new sources.

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/


Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Off-Topic Friday (self.cybersecurity)
submitted 1 week ago by shellsharks to c/cybersecurity
 
 

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Off-Topic Friday (self.cybersecurity)
submitted 2 weeks ago by shellsharks to c/cybersecurity
 
 

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
