cybersecurity

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

This client can be integrated into software such as Vulnerability-Lookup to provide core GCVE functionalities by adhering to the Best Current Practices.
It can also be used as a standalone command-line tool.

Examples of usage

As a command line tool

First install the gcve client:

$ python -m pip install --user pipx
$ python -m pipx ensurepath

$ pipx install gcve
  installed package gcve 0.6.0, installed using Python 3.13.0
  These apps are now globally available
    - gcve
done! ✨ 🌟 ✨

Pulling the registry locally

$ gcve registry --pull
Pulling from registry...
Downloaded updated https://gcve.eu/dist/key/public.pem to data/public.pem
Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to data/gcve.json.sigsha512
Downloaded updated https://gcve.eu/dist/gcve.json to data/gcve.json
Integrity check passed successfully.

Retrieving a GNA

Note: This operation is case sensitive.

$ gcve registry --get CIRCL
{
  "id": 1,
  "short_name": "CIRCL",
  "cpe_vendor_name": "circl",
  "full_name": "Computer Incident Response Center Luxembourg",
  "gcve_url": "https://vulnerability.circl.lu/",
  "gcve_api": "https://vulnerability.circl.lu/api/",
  "gcve_dump": "https://vulnerability.circl.lu/dumps/",
  "gcve_allocation": "https://vulnerability.circl.lu/",
  "gcve_sync_api": "https://vulnerability.circl.lu/"
}

$ gcve registry --get CIRCL | jq .id
1

Searching the Registry

Note: Search operations are case insensitive.

$ gcve registry --find cert
[
  {
    "id": 680,
    "short_name": "DFN-CERT",
    "full_name": "DFN-CERT Services GmbH",
    "gcve_url": "https://adv-archiv.dfn-cert.de/"
  }
]

More information in the Git repository.

cross-posted from: https://scribe.disroot.org/post/2539529

Archived version

Here is also a report.

China-nexus APT exploits Ivanti Connect Secure VPN vulnerability to infiltrate multiple entities, according to Cyber Security firm TeamT5.

• The campaign, active since late March 2025, exploits the CVE-2025-0282 and CVE-2025-22457 vulnerabilities' stack-based buffer overflow flaws, which have maximum CVSS (Common Vulnerability Scoring System) scores of 9.0, to deploy the SPAWNCHIMERA malware suite and establish network access.

• The victim countries include Austria, Australia, France, Spain, Japan, South Korea, Netherlands, Singapore, Taiwan, the United Arab Emirates, the United Kingdom, and the United States.

• Targeted industries include Automotive, Chemical, Conglomerate, Construction, Information Security, Education, Electronics, Financial Institution, Gambling, Government, Intergovernmental Organizations (IGO), Information Technology, Law Firm, Manufacturing, Materials, Media, Non-Governmental Organizations (NGOs), Research Institutes, Telecommunication.

...

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

I have been looking at hardening *nix servers for my lab and maybe carry some of that over to work. CIS benchmarks are something I like doing but that's barely scratching the surface. What do you do for your servers?

I have Lynis, systemd-analyze, Kernel self protection in mind but I'd love to hear your thoughts. Bonus points for the most paranoid setups!

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

The notorious imageboard 4chan is down following what appears to be a major hack of its backend. The hackers claim to have exposed code for the site, the emails of moderators, and a list of mod communications. This happened, it seems, as part of a five year long, inter-image board beef between users of 4chan and Soyjak, another image board that splintered off of 4chan.

It’s still unclear what the fallout of the hack will be, but the notorious image board remains down and a huge amount of data appears to have been leaked.

Users struggled to load 4chan on the evening of April 14, 2025, according to posts on other imageboards and forums. A few hours before that, the banned board /qa/ reappeared on the site and someone using the hiroyuki account, named after 4chan’s owner Hiroyuki Nishimura, posted “FUCKING LMAO” and “U GOT HACKED XD.

The hiroyuki account was flagged in bold red as an admin, suggesting the person posting the messages had control over a real admin account. /qa/ was a “questions and answer” imageboard on 4chan. Pitched as a place to discuss concerns that affected the whole of 4chan, /qa/ was in practice a board where various factions fought.

Soyjak is a popular meme you’ve probably seen before. It’s a balding man with glasses and shaggy beard, his mouth agape in docile joy. He is now the name of a rival imageboard.

At about the same time 4chan struggled to load, someone on the soyjak.st posted a thread that claimed to explain what happened. “Tonight has been a very special night for many of us at the soyjak party,” the thread said. “Today, April 14, 2025, a hacker who has been in 4cuck’s system for over a year, executed the true operation soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site.”

The thread shared images of the resurrected and defaced /qa/ board as well as what appear to be screenshots from 4chan’s internal moderation tools. The screenshots included discussion about why users had been banned from 4chan, pieces of its backend in phpMyAdmin (the infrastructure that runs 4chan and other forums and imageboards), and traffic stats for specific boards.

Elsewhere on the internet, someone leaked an alleged list of moderator email addresses and a portion of what they described as the “source code” for the site. 404 Media reached out to an email in the leaked list that appeared to be for Nishimura but did not hear back.

It appears that 4chan was susceptible to a hack because it was running very out of date code that contained various vulnerabilities, according to 404 Media’s look at the code and people sorting through the hack online.

So 4chan very likely got hacked because they were running on an extremely out of date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated function to interact with there MySQL database.

Web security 101: Keep your code and software up to date. pic.twitter.com/JFDOsbr5rt

— Yushe (@_yushe) April 15, 2025

That starts to answer the question of how this happened. But why did it happen? This all has roots in a five year old meme fight.

Soyjak.party, the site where a user began posting about the 4chan hack, was an offshoot of 4chan created as a joke about five years ago. Besides being a general cesspool,

4chan has long been a place that incubates memes. lolcats, the NavySeal copypasta, and Pepe the Frog grew and spread on 4chan’s imageboards. From time to time a meme is overplayed or spammed and mods on the site get tired of it.

Five years ago, users spammed the /qa/ board with soyjaks. Unable to quash the tide of soyfaced jpegs, 4chan shut down the entire /qa/ board. The soyajk loving exiles of 4chan started a new site called soyjak.party where they could craft open mouthed soyboy memes to their heart’s content. When 4chan was hacked on the night of April 14, the /qa/ board briefly returned. “/QA/ RETURNS SOYJAK.PARTY WON” read a banner image at the top of the board.

As of this writing, 4chan is still down. When you attempt to access a specific board, the connection times out. “The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed,” the error page says.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.