cybersecurity

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

cross-posted from: https://scribe.disroot.org/post/2697498

cross-posted from: https://scribe.disroot.org/post/2697495

Archived link

Foreign powers, ransomware gangs and AI threats are driving a surge in incidents affecting British businesses and government systems, [the British Intelligence Agency] GCHQ has warned.

Britain has suffered double the number of “nationally significant” cyberattacks in recent months compared with the year before, according to GCHQ.

Richard Horne, chief executive of the National Cyber Security Centre (NCSC), said that the GCHQ unit has managed 200 cyberattacks since September, which includes “twice as many nationally significant incidents as the same period last year”.

...

Referencing the recent attacks on Marks & Spencer, Co-op and Harrods, Horne told the CyberUK conference in Manchester that “the threat picture is diverse and dramatic” and called ransomware “a persistent threat”.

...

Rod Latham, director of cybersecurity at the Department for Science, Innovation and Technology, said: “Our statistics indicate that four in ten businesses are attacked in a year, three in ten charities — millions of cybercrimes in a year.”

...

Horne called China “the pacing threat in the cyber-realm” and “a cause for profound and profuse concern”.

...

On Russia he said that “we see a direct connection between Russian cyberattacks and physical threats to our security” and warned that amid talks on Ukraine, “it is almost certain that Russia will continue its wider cyber espionage activity … against Ukraine and supporting countries”.

...

Today we released Vulnerability-Lookup 2.9.0 with new features, enhancements, and bug fixes.

What's New

Adversarial Techniques from MITRE EMB3D

The Adversarial Techniques from MITRE EMB3D are now integrated into Vulnerability-Lookup as a new source and are correlated with existing security advisories.

This feature was contributed by Piotr Kaminski during the last Hack.lu hackathon. (#129)

Global CVE Allocation System (GCVE)

GCVE identifiers are now supported in HTML templates and URL parameters,
thanks to the GCVE Python client.
These identifiers can now be used when disclosing a new vulnerability as part of the Coordinated Vulnerability Disclosure (CVD) process, in alignment with NIS 2 requirements. (8bb3d84, 58c394a)

Trustworthy Level for Members

Members of a Vulnerability-Lookup instance now have a dynamically calculated
trustworthy level based on profile completeness and verification.
Members affiliated with FIRST.org or European CSIRTs (CNW) are automatically
trusted for operations that would otherwise require administrator approval
(e.g., creating comments).

Changes

• New API endpoint for MITRE EMB3D. (c0d6b44)
• Improved the vulnerability disclosure page. (ccfb6b1)
• Added page arguments to the vulnerability/last endpoint. (ce75a7a)
• Notification emails now include a random signoff. (#119)
• Various graphical enhancements. (0878a31)

Fixes

• Fixed editing of notifications for Organization/Product. (#124)

Changelog

📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.9.0

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Check Point Research uncovered a sophisticated phishing campaign that abuses Discord and targets crypto users. Attackers redirects users from a legitimate Web3 website to a fake Collab.Land bot and then to a phishing site, tricking them into signing malicious transactions. The drainer script deployed on that site was directly linked to Inferno Drainer. Despite publicly shutting down in late 2023, Inferno Drainer remained fully operational. Smart contracts deployed in 2023 continued to be used into 2025. Recent campaigns show notable technical upgrades and infrastructure improvements. Inferno Drainer employs advanced anti-detection tactics — including single-use and short-lived smart contracts, on-chain encrypted configurations, and proxy-based communication — successfully bypassing wallet security mechanisms and anti-phishing blacklists. In just the last six months, more than 30,000 wallets were victimized by Inferno Drainer, resulting in at least $9 million in losses. The combination of evolving technical sophistication and convincing social engineering continues to drive the success of these attacks.

cross-posted from: https://lemmy.sdf.org/post/33999334

Archived

• Under the new rules, tenders will award bonus scores to offers that deploy cybersecurity technologies manufactured in Italy, EU member states, NATO countries, or other like-minded partners.
• The legislation follows high‑profile incidents of Chinese technology infiltrating sensitive sites, ranging from surveillance cameras in courts and ministries to thermoscanners at the prime minister’s office, and the award of customs‑scanner contracts to China’s Nuctech.
• Products include: video surveillance and access‑control systems (including baggage and cargo scanners); VPN‑capable digital networking products, routers, modems (including satellite types), and switches; firewalls, intrusion detection and prevention systems; network storage and backup solutions; cloud services; drone‑control software
• Preference is extended to suppliers from the EU, NATO members, and “like‑minded” countries with collaboration agreements—namely Australia, South Korea, Japan, Israel, New Zealand, and Switzerland.
• The government retains authority to update the list of covered categories and beneficiary states, based on recommendations from public administrations and intelligence agencies, ensuring the framework evolves alongside emerging security needs.

[...]

Blogged a bit about Kidflix login credentials and tried to make some basic password analysis. Originally the bulk of the post was written in the beginning of April, but I forgot and it was just sitting there in my drafts directory.

cross-posted from: https://scribe.disroot.org/post/2673818

[This is an op-ed by Tin Pak, visiting academic at the National Defense University and a researcher at the Institute for National Defense and Security Research in Taiwan, and Chen Yu-cheng, an associate professor at the National Defense University.

The term “assassin’s mace” originates from Chinese folklore, describing a concealed weapon used by a weaker hero to defeat a stronger adversary with an unexpected strike. In more general military parlance, the concept refers to an asymmetric capability that targets a critical vulnerability of an adversary. China has found its modern equivalent of the assassin’s mace with its high-altitude electromagnetic pulse (HEMP) weapons, which are nuclear warheads detonated at a high altitude, emitting intense electromagnetic radiation capable of disabling and destroying electronics.

An assassin’s mace weapon possesses two essential characteristics: strategic surprise and the ability to neutralize a core dependency. HEMP weapons fit both criteria. In nanoseconds, a single HEMP detonation at an altitude between 20km and 50km can disable electronic infrastructure across large swathes of Taiwan. There would be little warning, as the Chinese People’s Liberation Army (PLA) fields DF-17 hypersonic missiles, capable of delivering a HEMP warhead above Taiwan in a matter of minutes.

HEMPs strike at the foundation of modern society, its electronic systems. Every critical infrastructure uses electronics, from telecommunications, hospitals, energy production and distribution facilities, and even water purification systems.

...

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

A brief look at all things infostealers for the week 18, 2025 (28.04.2025–04.05.2025). This week observed updates from LummaC2 and StealC infostealers. Grabbed some numbers from marketplaces and some interesting news/articles.

cross-posted from: https://sh.itjust.works/post/37162345

Came out in 2008 and leaked in 2013, the glowies have been able to send out malicious packets from air-gapped networks for exuberant prices.

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

🚨 April 2025 Vulnerability Report is out! 🚨

👉 https://www.vulnerability-lookup.org/2025/05/01/vulnerability-report-april-2025/

The most prominent vulnerabilities affect the following products:

• Ivanti / ConnectSecure
• Erlang / OTP
• SAP / SAP NetWeaver

The Continuous Exploitation section highlights several resurgent vulnerabilities (recently exploited at a high rate), including:

• CVE-2017-17215 (Huawei router)
• CVE-2015-2051 (D-Link)

Check out the report for more details.

A huge thank you to all contributors and data sources that make this possible! 🙌

Want to help shape the next report? Join us: 👉 https://vulnerability.circl.lu/user/signup

💻 NISDUC Conference

Vulnerability-Lookup will be presented during the fourth NISDUC conference.

👉 https://www.nisduc.eu/

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

This client can be integrated into software such as Vulnerability-Lookup to provide core GCVE functionalities by adhering to the Best Current Practices.
It can also be used as a standalone command-line tool.

Examples of usage

As a command line tool

First install the gcve client:

$ python -m pip install --user pipx
$ python -m pipx ensurepath

$ pipx install gcve
  installed package gcve 0.6.0, installed using Python 3.13.0
  These apps are now globally available
    - gcve
done! ✨ 🌟 ✨

Pulling the registry locally

$ gcve registry --pull
Pulling from registry...
Downloaded updated https://gcve.eu/dist/key/public.pem to data/public.pem
Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to data/gcve.json.sigsha512
Downloaded updated https://gcve.eu/dist/gcve.json to data/gcve.json
Integrity check passed successfully.

Retrieving a GNA

Note: This operation is case sensitive.

$ gcve registry --get CIRCL
{
  "id": 1,
  "short_name": "CIRCL",
  "cpe_vendor_name": "circl",
  "full_name": "Computer Incident Response Center Luxembourg",
  "gcve_url": "https://vulnerability.circl.lu/",
  "gcve_api": "https://vulnerability.circl.lu/api/",
  "gcve_dump": "https://vulnerability.circl.lu/dumps/",
  "gcve_allocation": "https://vulnerability.circl.lu/",
  "gcve_sync_api": "https://vulnerability.circl.lu/"
}

$ gcve registry --get CIRCL | jq .id
1

Searching the Registry

Note: Search operations are case insensitive.

$ gcve registry --find cert
[
  {
    "id": 680,
    "short_name": "DFN-CERT",
    "full_name": "DFN-CERT Services GmbH",
    "gcve_url": "https://adv-archiv.dfn-cert.de/"
  }
]

More information in the Git repository.