Security

Confidentiality Integrity Availability

We are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup.

This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings.

ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. Source code of ShadowSight is available:

👉 https://github.com/CIRCL/ShadowSight

Explore our sightings collected from this source:

The Shadowserver Foundation remains a cornerstone resource for security researchers, providing an extensive wealth of data on real-world exploits and their associated vulnerabilities, complete with daily statistics and geographical insights.

Widely used by incident response teams, security researchers, analysts, and other cybersecurity professionals, Shadowserver is recognized as a highly credible and impactful project in the cybersecurity landscape. The Shadowserver Foundation delivers particularly valuable insights into security issues, including vulnerabilities in unpatched IoT devices, various types of internet-facing services, and even services that should not be exposed to the internet.

For us, it has quickly become a reliable source of sightings. It's also a way to diversify our sources and improve situational awareness.

🔗 Explore all our sighting sources (such as Mastodon, Bluesky, MISP, etc.) and tools here:

👉 https://www.vulnerability-lookup.org/tools/#sightings

📖 References

🤝 Contribute

If you want to benefit from more features of Vulnerability-Lookup, like sharing comments, bundles, or sightings, you can create an account on the instance operated by CIRCL:

👉 https://vulnerability.circl.lu/user/signup

Sightings correlations

Sightings
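An added example, not ShadowSight's own code, sketching the two halves of a sighting client as the announcement describes them: turn raw observations from a feed into sighting documents, then post them to the Vulnerability-Lookup API. The input records are constructed here and their field names are assumptions, not Shadowserver's schema; the `/api/sighting/` path, the `X-API-KEY` header and the `exploited` sighting type are also assumptions to check against the API documentation of the instance you target.

```python
import json
import re
import urllib.error
import urllib.request
from datetime import datetime, timezone

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample: honeypot hits tagged with the CVE the payload targets.
# The shape (timestamp, src_ip, tag, protocol) is an assumption for this
# example and not Shadowserver's actual report format.
SAMPLE_RECORDS = [
    {"timestamp": "2025-01-14 03:12:55", "src_ip": "203.0.113.7", "tag": "CVE-2024-3400", "protocol": "http"},
    {"timestamp": "2025-01-14 03:13:01", "src_ip": "203.0.113.7", "tag": "CVE-2024-3400", "protocol": "http"},
    {"timestamp": "2025-01-14 09:40:17", "src_ip": "198.51.100.22", "tag": "cve-2021-44228", "protocol": "http"},
    {"timestamp": "2025-01-14 10:02:00", "src_ip": "198.51.100.23", "tag": "scanner-generic", "protocol": "http"},
]


def build_sightings(records, source="shadowserver-honeypot"):
    """Normalise raw observations into sighting documents.

    One sighting per (CVE, day): a scanner hammering the same exploit a
    hundred times in one day is one observation of that vulnerability
    being exploited, not a hundred. Tags that are not CVE ids are dropped.
    """
    seen = {}
    for rec in records:
        cve = rec.get("tag", "").upper()
        if not CVE_RE.match(cve):
            continue
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        key = (cve, ts.date())
        if key in seen:
            continue
        seen[key] = {
            "vulnerability": cve,
            "source": source,
            "type": "exploited",  # assumed vocabulary value for an observed exploitation attempt
            "creation_timestamp": ts.isoformat(),
        }
    return list(seen.values())


def _http_post(url, body, headers):
    """Real transport: POST the JSON body and return the HTTP status code."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def push_sightings(sightings, api_base, api_key, send=_http_post):
    """POST each sighting to the instance; returns how many were accepted.

    `send(url, body_bytes, headers) -> status` is injectable so the
    transformation can be exercised without network access.
    """
    url = api_base.rstrip("/") + "/api/sighting/"  # assumed endpoint path
    headers = {"Content-Type": "application/json", "X-API-KEY": api_key}  # assumed header name
    accepted = 0
    for sighting in sightings:
        if send(url, json.dumps(sighting).encode(), headers) in (200, 201):
            accepted += 1
    return accepted


if __name__ == "__main__":
    for s in build_sightings(SAMPLE_RECORDS):
        print(json.dumps(s))
```

The deduplication key is the point worth copying: what the honeypot sees is exploitation attempts, and the sighting API is meant to record that a vulnerability was observed in the wild on a given day, not to mirror every packet.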

submitted 5 months ago* (last edited 5 months ago) by buskill to c/security@lemmy.ml

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

BusKill Canary #009
The BusKill project just published their Warrant Canary #009

For more information about BusKill canaries, see:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is January 14, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

None.

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

14 Jan 25 01:01:33 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
A Miracle? Pope Francis Helps Transsexual Prostitutes in Rome
Boost for the Right Wing: Why Did a German Newspaper Help Elon Musk Interfere in German Politics?

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
What an Upended Mideast Means for Trump and U.S. Gulf Allies
Russia and Ukraine Battle Inside Kursk, With Waves of Tanks, Drones and North Koreans

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Gaza ceasefire deal being finalised, Palestinian official tells BBC
Watch: Moment man is saved from burning LA home

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----
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=xahN
-----END PGP SIGNATURE-----

To view all past canaries, see:

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

What is BusKill? (Explainer Video)
Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you and your computer is severed, then your device will lock, shut down, or shred its encryption keys, thus keeping your encrypted data safe from thieves who steal your device.
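An added example, not code from the BusKill project: the structural checks a reader performs on a canary like the one above once `gpg --verify` has confirmed the signature against the fingerprint in statement 2. The sample text is the post's own canary trimmed to the fields the checks read, with the signature body omitted. The checks encode what the "Disclaimers and notes" section says the scheme relies on: a status line, a release date inside the stated period, an expiry the reader is still before, a proof-of-freshness timestamp matching the release date, and a plausible Bitcoin block hash. The minimum number of leading zeros is an assumption used only as a plausibility floor.

```python
import re
from datetime import date, datetime

# Canary text from the post, trimmed; the signature body is omitted here.
SAMPLE_CANARY = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

Proof of freshness
==================

14 Jan 25 01:01:33 UTC

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470

-----BEGIN PGP SIGNATURE-----
(signature body omitted in this example)
-----END PGP SIGNATURE-----
"""

FIELD_RE = re.compile(r"^(Status|Release|Period|Expiry):[ \t]*(.+?)[ \t]*$", re.M)
FRESHNESS_RE = re.compile(r"^(\d{1,2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) UTC$", re.M)
BLOCK_HASH_RE = re.compile(r"^[0-9a-f]{64}$", re.M)
MIN_LEADING_ZEROS = 8  # assumption: plausibility floor for a mainnet block hash


def parse_canary(text):
    """Extract the machine-checkable fields from a clearsigned canary."""
    fields = dict(FIELD_RE.findall(text))
    missing = {"Status", "Release", "Period", "Expiry"} - fields.keys()
    if missing:
        raise ValueError("canary is missing fields: %s" % sorted(missing))
    start, end = (date.fromisoformat(p) for p in fields["Period"].split(" to "))
    ts = FRESHNESS_RE.search(text)
    block = BLOCK_HASH_RE.search(text)
    return {
        "status": fields["Status"],
        "release": date.fromisoformat(fields["Release"]),
        "period_start": start,
        "period_end": end,
        "expiry": date.fromisoformat(fields["Expiry"]),
        "freshness": datetime.strptime(ts.group(1), "%d %b %y %H:%M:%S") if ts else None,
        "block_hash": block.group(0) if block else None,
        "framed": text.startswith("-----BEGIN PGP SIGNED MESSAGE-----")
        and "-----BEGIN PGP SIGNATURE-----" in text
        and text.rstrip().endswith("-----END PGP SIGNATURE-----"),
    }


def check_canary(text, today):
    """Return the list of problems found; an empty list means all checks passed.

    `today` (a date or ISO string) is the day the reader runs the check, so
    the same canary can be evaluated both during and after its validity.
    """
    today = date.fromisoformat(today) if isinstance(today, str) else today
    c = parse_canary(text)
    problems = []
    if not c["framed"]:
        problems.append("not a complete PGP clearsigned message")
    if c["status"] != "All good":
        problems.append("status is %r, not 'All good'" % c["status"])
    if not c["period_start"] <= c["release"] <= c["period_end"]:
        problems.append("release date lies outside the stated period")
    if c["expiry"] <= c["release"]:
        problems.append("expiry is not after the release date")
    if c["release"] > today:
        problems.append("release date is in the future")
    if today > c["expiry"]:
        problems.append("canary expired on %s" % c["expiry"])
    if c["freshness"] is None:
        problems.append("no proof-of-freshness timestamp")
    elif abs((c["freshness"].date() - c["release"]).days) > 1:
        problems.append("freshness timestamp does not match the release date")
    h = c["block_hash"]
    if h is None or len(h) - len(h.lstrip("0")) < MIN_LEADING_ZEROS:
        problems.append("block hash missing or not a plausible Bitcoin block hash")
    return problems


if __name__ == "__main__":
    for when in ("2025-01-20", "2025-07-01"):
        print(when, check_canary(SAMPLE_CANARY, when) or "OK")
```

The script deliberately does not verify the signature or fetch the quoted headlines and block hash; those are the steps that need a trusted copy of the key and a network, and the canary's own disclaimer is that even a valid signature cannot rule out coercion of the signers.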

Vulnerability-Lookup 2.4.0 (www.vulnerability-lookup.org)
submitted 6 months ago by cedric@lemmy.ml to c/security@lemmy.ml

We’re really thrilled to unveil Vulnerability-Lookup 2.4.0!

https://www.vulnerability-lookup.org/images/news/2025/2025-01-10-Vulnerability-Lookup-2.4.0.webm

This version includes new features, new importers, improvements and fixes. The key updates are highlighted below.

🔍 New Dashboard: Quickly access the top sighted vulnerabilities from the past month with a real-time, filterable interface.

📊 New Correlations Graph: Visualize relationships between sightings for deeper insights.

Correlations with sightings - 1 Correlations with sightings - 2

📥 New Importers:

  • CSAF Microsoft Importer for streamlined CSAF data integration.
  • FKIE NVD Importer to incorporate FKIE NVD datasets seamlessly.

CSAF Microsoft

📡 RSS/Atom Feeds for Sightings: Stay updated with feeds for specific CPE sightings, sorted and tailored for your needs.

👀 GitHub Gist Sighting Tool: Introducing GistSight for tracking vulnerabilities in GitHub Gists.

💡 Other Updates: We’ve added metadata enrichment capabilities and made significant API improvements to enhance your experience.

Discover more about Vulnerability-Lookup and its capabilities here:
https://vulnerability.circl.lu/

🙏 Thank you very much to all the contributors and testers!

To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/cve-search/vulnerability-lookup/releases/tag/v2.4.0


Curious about the latest vulnerability trends, the year's first observations, or historical insights? Our enhanced home page on Vulnerability-Lookup (source code) now lets you filter and explore our growing dataset of sightings with ease. Simply pick the week you want and dive into the data.

Have ideas for improvements? Let us know! https://github.com/cve-search/vulnerability-lookup/issues

Of course you get these sightings via the API: https://vulnerability.circl.lu/api/


You can find various collected status here: https://vulnerability.circl.lu/sightings/?query=bsky.app


Amnesty International identified how Serbian authorities used Cellebrite to exploit a zero-day vulnerability (a software flaw which is not known to the original software developer and for which a software fix is not available) in Android devices to gain privileged access to an environmental activist’s phone. The vulnerability, identified in collaboration with security researchers at Google Project Zero and Threat Analysis Group, affected millions of Android devices worldwide that use the popular Qualcomm chipsets. An update fixing the security issue was released in the October 2024 Qualcomm Security Bulletin.


Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before - short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.


I store my mechanically generated passwords in 1Password. And I do not use the password in any way.

In such a case, does it make sense to activate TOTP? In my immature opinion, TOTP is only effective if you are using the same password for multiple websites. If this is incorrect, could you please tell me when TOTP would be useful?


We’re delighted to announce the release of Vulnerability-Lookup 2.2.0, packed with enhancements, new features, and bug fixes.

What's New

  • Identity:

    • Vulnerability-Lookup now has a beautiful new logo.
  • New Statistics Namespace: The API now offers a dedicated namespace for statistics. Two new endpoints are currently available:

    • /api/stats/vulnerability/most_sighted
    • /api/stats/vulnerability/most_commented

    Both endpoints provide the option to return results in a Markdown table format. (7a2b8ed, d95b49c)

    You can use the API output directly to generate PDF reports:

    $ curl -s -X 'GET' 'https://vulnerability.circl.lu/api/stats/vulnerability/most_sighted?date_from=2024-07-01&output=markdown' | pandoc --from=markdown --to=pdf -o semestrial-report.pdf
    

semestrial-report

Changes

  • API Enhancements:

  • Improved Views:

    • /recent: Enhanced for greater consistency and readability.
    • /vuln: Improved display for vulnerabilities from the CVE List v5 and NVD sources. The versions of the impacted products are now displayed in a third column. (9308772, 5f9826a, f71da45, 54ad96e, e8ae16e)
    • We have enhanced the layout and accessibility of various views as part of our ongoing commitment to creating software that is inclusive and usable for everyone.
  • Documentation:

    • The documentation is now exposed by a dedicated Flask Blueprint which is serving static HTML files generated with Sphinx. Updating the documentation is possible via a simple button in the dashboard of Vulnerability-Lookup. (e27ac9f, 6f38ccf)
  • Backend:

    • Harmonization of datetime objects by ensuring that all dates use UTC-aware timestamps (8ea2554, a4defc2)
    • Gunicorn is now by default using Gevent (c79f997)

Fixes

  • Date Parameters in API:

    • The date_from and date_to parameters in the API no longer have default values. It is now the client’s responsibility to specify these values. (036ca3a)
  • CVE Lookup Endpoint:

    • We fixed the API endpoint for searching CVEs by vendor and product. (0867fac)

Funding

ngsoti-small eu_funded_en

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

vulnerability-lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.


I am looking for active Lemmy accounts about software vulnerabilities, CVEs, etc. They could be specific to GHSA, CSAF, PySEC, GSD, PyPI or whatever.

I will use them in a software vulnerability lookup project: https://github.com/cve-search/vulnerability-lookup/ in order to create Sightings about vulnerabilities.

(It's also fine if you can provide me with Mastodon accounts. I already follow the CVE program.)

Thank you!

shopping issue (lemmy.dbzer0.com)
submitted 8 months ago* (last edited 8 months ago) by Tender@lemmy.dbzer0.com to c/security@lemmy.ml

Hi everyone!! I need your help with a security matter!! Pardon my bad English. It's my first time buying online. I want to buy something from eBay with my bank card, but eBay doesn't provide 3D Secure, which is another layer of security. I'm afraid that my personal details might get leaked if I use it like that, and I don't want to open a PayPal account since I'm only using this once, plus PayPal fees and deductions are high for someone like me, and the extra customs charges are already taking a lot of the money that I was planning to spend on other things!! What to do now???????? Google Wallet? Deactivating e-commerce international payments after I'm done purchasing??? Please help me, and thank you! BTW this is why crypto should take over!!! 🥹😓


Here is the talk description, from its page on the schedule for KubeCon + CloudNativeCon + Open Source Summit China 2024 (which the Linux Foundation somehow neglected to put in their YouTube upload's description):

In February the Linux kernel community took charge of issuing CVEs for any found vulnerability in their codebase. By doing this, they took away the ability for any random company to assign CVEs in order to make their engineering processes run smoother, and instead have set up a structure for everyone to participate equally.

This talk will go into how the Linux CVE team works, how CVEs are assigned, and how you can properly handle the huge number of new CVEs happening in a simple and secure way.

This February, the Linux kernel community took over responsibility for issuing CVE numbers for any vulnerability found in its codebase. By doing so, they took away the ability of any random company to assign CVEs in order to make their own engineering processes run more smoothly, and instead set up a structure in which everyone participates equally.

This talk will cover how the Linux CVE team works, how CVEs are assigned, and how to properly handle the large number of new CVEs in a simple and secure way.

Here is a PDF of the slides from Greg's git repo for this talk.


We released version 1.5.0 of the Vulnerability Lookup project! 🎉 (https://github.com/cve-search/vulnerability-lookup/)


This update brings significant new features, improvements, and fixes.

🆕 Notable Changes

We've integrated the Japan Database of Vulnerability Countermeasure Information (JVN DB), correlating security advisories from multiple sources (including NVD, GitHub, and CSAF, etc.) already available in Vulnerability Lookup.

You can now assign tags to comments directly on the website. These tags are stored in the comment's meta field and utilize the MISP Project taxonomy for vulnerabilities. Explore the taxonomy here.

We've enhanced the API to allow users to filter comments and bundles based on data available in the meta JSON field of the objects. This paves the way for leveraging more taxonomies in the future.

More details in the release notes.

Thank you very much to all the contributors and testers! 🙏

As always, feel free to create an account on the main instance operated by CIRCL.

We eagerly await your contributions! 😊
