CIRCL - @[email protected]

For the last few days we are also scanning & reporting out exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature). These may possibly be also vulnerable to CVE-2025-1974 & other recently disclosed vulnerabilities. We see around 4000 IPs exposed.

CFP REMINDER: D-15 Hurry up, it's time to submit your Security & Free SW talk or workshop! ➡️ cfp.pass-the-salt.org/pts2025/cfp 📅 deadline: sunday March, 30 midnight! ✉️ a question? send it to speaker-support@pass-the-salt.org 👍 🙏RT appreciated!

I created a small parser for Minimedusa (the MegaMedusa configuration, an L7 DDoS tool). It uses @teamcymru Whois, @circl_lu Passive DNS service and an RDNS lookup for enrichment. There's also a MISP JSON to import the feed in @MISPProject github.com/cudeso/tools/t…

Did you know that since v3.0.0 of misp-modules and v3.0.1 of misp-docker/misp-modules it is possible to load custom misp-modules without building your own image? Just drop them in the corresponding /custom/ directory. github.com/MISP/misp-dock… #L266" target="_blank" rel="nofollow noopener">github.com/MISP/misp-dock…

💡Operational teams responsible for #cybersecurity in European Union countries will be equipped with an AI-based toolkit that will significantly facilitate their work. We are proud that the NASK Institute is leading the international consortium that will implement the project "#AIPITCH—AI-Powered Innovative Toolkit for Cybersecurity Hubs." Nearly 8 million euros, including 4 million from a European funds grant, have been allocated for advanced technologies supporting the fight against cyber threats. Our partners in the project are: @circl_lu, @Shadowserver, @ncbj_swierk and @ABI_Lab. The project is funded by #EuropeanFunds under the DIGITAL-ECCC-2024-DEPLOY-CYBER-06-ENABLINGTEC program.

If you’re using @letsencrypt certificates it becomes time to setup a certificate expiration monitor (if you haven’t done already).

There's a wealth of useful threat data available via Rösti, Repackaged Öpen Source Threat Intelligence. Formats include STIX, JSON, CSV and MISP. Provided by @viql . And now also available as a default @MISPProject feed. Check out rosti.bin.re

We’re delighted to announce the release of Vulnerability-Lookup 2.2.0, packed with enhancements, new features, and bug fixes. Online version: vulnerability.circl.lu Release notes: github.com/cve-search/vul… #cve #vulnerability #vulnerabilities #opensource #CyberSecurity

@jeremiahg The KEV catalog from @CISAgov have been introduced in 2021 and only covers what CISA actually detected at a large scale. You are indeed correct that seems a small ratio over the 270650 CVEs allocated. vulnerability.circl.lu/about

Total CVEs: 240,830 Total KEVs 1,218 0.5% of CVEs have been seen exploited in the wild historically. I've also asked several cyber-insurance carriers if they could share with me the CVEs that resulted in claims. Answer, less than 200 per year.

CVEs have now been assigned: unit42.paloaltonetworks.com/cve-2024-0012-… security.paloaltonetworks.com/CVE-2024-0012 security.paloaltonetworks.com/CVE-2024-9474 6642 IPs found exposed on 2024-11-17 (down from around 11K): dashboard.shadowserver.org/statistics/iot… As a reminder, IP data is shared in our Device ID report daily: shadowserver.org/what-we-do/net…

Apple Fixes Two Exploited Vulnerabilities on Intel-based Mac System #vulnerability #vulnerabilities #cybersecurity #infosec #apple 🔗 vulnerability.circl.lu/bundle/ad1ae2c…

MISP 2.4.200 and 2.5.2 released - Post Hack.lu release with many new features. New feature such as Ad-Hoc Workflows, Private Custom Galaxies, Tags on Event Report, new features in event report & improved PDF export. misp-project.org/2024/11/19/MIS… #ThreatIntel #cti

We see CVE-2024-0012 exploitation attempts since Nov 18th. We are now also observing CVE-2024-9474. IoCs: unit42.paloaltonetworks.com/cve-2024-0012-… Check for signs of compromise and patch: security.paloaltonetworks.com/CVE-2024-0012 security.paloaltonetworks.com/CVE-2024-9474 For additional background - labs.watchtowr.com/pots-and-pans-…

New features in vulnerability lookup includes sighting from different sources including @MISPProject communities. The example below is a vulnerability in Android but the CVE is not yet published. You can track the sighting evolution. #sightings" target="_blank" rel="nofollow noopener">vulnerability.circl.lu/vuln/CVE-2024-… #vulnerability #cve

hack.lu 2024 Wraps Up a Thrilling 18th Edition with Global Participation and Networking Highlights hack.lu/blog/hack.lu-2… #infosec #hacklu2024 #hacklu #conference #threatintelligence

Omg, @_saadk , @0x4D31 , @adulau , @rafi0t, @blubbfiction, @tomchop_, @ddurvaux , @angealbertini , @_hillu and so many more. What is this, a conference or a DREAM team from all recorded speakers ever from @Ministraitor? What a line up.

The first version of the #hacklu 2024 agenda is now live. Check it out here: 2024.hack.lu/agenda/ Don't miss out—join us for this year's edition! #infosec #conference #Luxembourg

AIL Project version 5.7 released with many improvements with 2FA support, multi-organisation support, improved chat monitoring and more. ail-project.org/blog/2024/09/1… #darkweb #threatintelligence #threatintel #telegram #infosec

@cudeso @BlackLotusLabs Thanks for sharing. datatracker.ietf.org/doc/draft-ietf… will introduce new challenges for identification and detection.

Post by @BlackLotusLabs on a large multi-tiered botnet operated by Flax Typhoon. Tier2 nodes can be identified by TLS certificate with random alphanumeric domain name in subject/issuer DN. blog.lumen.com/derailing-the-… #CTI #botnet #iot