
cross-posted from: https://lemmy.sdf.org/post/53682797

The operation resulted in the seizure of approximately 800 servers and the arrest of two individuals, marking a major milestone in the fight against cyberattacks and digital disinformation campaigns.

[...]

The network, comprising several companies, included Stark Industries, WorkTitans/B.V., and Mirhosting, all of which are suspected of playing key roles in supporting cyberattacks and destabilization campaigns.

[...]

The European Union had previously imposed sanctions on certain entities connected to this network, but investigators found evidence that operations continued through a newly created Dutch entity, suspected of acting as a front company to bypass sanctions and regulatory controls.

FIOD conducted coordinated raids across multiple locations, seizing hundreds of servers, laptops, mobile phones, and extensive administrative records.

[...]

The case underscores the importance of modern cyberattacks relying not only on hacking tools and malicious software but also on highly organized hosting and networking infrastructure that operates across multiple jurisdictions.

[...]

Off-Topic Friday (infosec.pub)

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Work wifi access (lemmy.world)

So I work at a factory. It's decent work, pays the bills. But I burn through my monthly data in a week from browsing my phone on breaks. I know there's company wifi all over the building, but it's intended for the office drones, not the plebs like me on the factory floor.

Some of the guys I've worked with knew the password and could use the wifi, but everyone I asked refused to share the password with me. I guess they didn't want to risk getting in trouble? 🤷‍♂️

Anyway, a while back I learned about these pwnagotchi things, and from what I've found it would be exactly what I need to sniff out the password myself. But is this right?

Could someone who knows more about this tell me if I'm on the right track or not? Would this work, or would something else do better?

For the record, I only browse lemmy and a little Facebook at work, I'm not looking to download a bunch of stuff or bring a laptop to game on or anything. Just want to poke around the internet without using all my monthly data.


A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively.

The operation has been active since at least mid-2022 and targeted organizations across the Asia Pacific and parts of the Middle East. It was attributed to the Calypso threat group, also tracked as Red Lamassu.

According to researchers at Lumen's Black Lotus Labs and PwC Threat Intelligence, the threat actor set up and used multiple telecom-themed domains to impersonate their targets.


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Vulnerability-Lookup 4.6.0 (www.vulnerability-lookup.org)

We are excited to announce the release of Vulnerability-Lookup 4.6.0!
This version brings more transparency, new data sources, API improvements, notable UI enhancements, and several performance and stability fixes.

What's New

VLAI model transparency

The VLAI badge popover now surfaces the exact model name and revision used for a given analysis, with direct links to the HuggingFace model card and the revision commit. This is particularly useful as we regularly update our AI models and publish new versions on HuggingFace, making it easy to track exactly which model version produced a given result.

Moksha feeder

A new feeder for Moksha has been added, mirroring the indexing pattern used by the cvelistv5 source. Because Moksha is accessible over Tor, the feeder requires a local Tor instance and is disabled by default.

[Screenshot: Recent vulnerabilities page filtered to the Moksha source, listing MOKSHA-2026 entries for XenServer (Cloud Software Group) with CVSS scores, short descriptions, and publication dates]

KEV catalog on the homepage and search results

The latest entries from CISA's Known Exploited Vulnerabilities (KEV) catalog are now displayed directly on the homepage. KEV catalog badges also appear on the search results page, giving you an immediate signal when a vulnerability is actively exploited in the wild.

Improved CSAF advisory display

CSAF advisories now show a structured per-status product table derived from the product_tree, and the /recent page loads only the selected source with its own pagination — making it faster to browse recent activity.

API additions

  • A new with_meta parameter on the vulnerabilities list endpoint lets consumers fetch enriched metadata in a single call.
  • Optional, tier-aware rate limits can now be applied to vulnerability read endpoints.
  • A machine-readable access policy endpoint is available for automated consumers.

Changes

  • Performance improvements — Hot read endpoints are now cached with a Redis backend, full-text index writes are batched, and homepage sighting statistics are computed via a dedicated aggregated endpoint. These changes significantly reduce load under traffic spikes.
  • Homepage and template updates — The home page displays more information at a glance; the sources list on the About page is now in a collapsible accordion; Moksha is available in the /recent source menu.
  • ML-Gateway — The gateway response now includes the model name and revision, which are forwarded by the API (project page).
  • Dependencies — Python dependencies have been updated.

Fixes

This release includes a number of stability and correctness fixes: rate-limiter accuracy improvements (correct client IP resolution, dedicated Redis backend), Flask-Caching Redis pool reliability under gunicorn/gevent, EPSS badges on search results, timezone-aware timestamps for comments and bundles, restricted comment editing to authorized users only, and several minor UI and template corrections.

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.6.0

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/


My path through security has been unusual, so I've run into some unusual solutions to problems. Some feel so intuitive that it's hard for me to believe they're unique. But I'm realizing they may be worth writing up and sharing.

This seems like an appropriate place to share my first write-up, but, if not, I'd appreciate being pointed in the right direction.

Here's a quick overview on using table top exercises to verify runbooks. Feedback is always welcome, especially editing (grammar, typos, and the like).


Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

submitted 1 week ago* (last edited 1 week ago) by 0x3e4@feddit.org to c/cybersecurity@infosec.pub

i've been working on a side project called hecate (foss) and looking for some people to give it a try and give some feedback.

it's basically a local vuln db + SCA tool aimed at sec admins and devs:

  • vuln info collection + api access
  • SCA scans for repos and containers
  • AI part is fully opt-in/out (so nothing touches ai if you don't want it)

it's based on a prototype i built for my research thesis so still some rough edges.. but the core works.

demo: https://hecate.pw/ -> system page & AI pages are locked on the demo site
selfhost: https://github.com/0x3e4/hecate

any feedback is welcome.. especially from people doing vuln mgmt, container scanning or dependency review day to day.. thanks in advance!


GitHub issue [COMPROMISED] v2.6 Linux Ubuntu and AppImage release assets have been replaced (SOLVED, now restored) #1911

rentry doc (dunno publisher)

It has come to our attention that from 6th May to today (12th May) the AppImage and Ubuntu zip assets of Cemu 2.6 on our GitHub were compromised by a pro-Russian threat actor.
If you are a Windows or macOS user you are not affected. If you are a flatpak user you are also not affected.

This means that downstream projects like EmuDeck, which downloads and installs Cemu directly from GitHub Releases, were also affected.


cross-posted from: https://feddit.org/post/29792137

How to reproduce:

  1. Copy the FsTx folder to "YourUSBStick:\System Volume Information\FsTx" as is and make sure to use a filesystem that's compatible with Windows (NTFS is preferable but I think FAT32/exFAT should work as well). Funny thing is, the vulnerability is extremely convenient, you don't even need to plug an external storage device, you can just pull out the disk, copy the files in the EFI partition, put it back and it will still work. That's how bad it is.
  2. Plug the USB stick in your target Windows computer with BitLocker protection turned on.
  3. Reboot to Windows Recovery Environment Agent (you can do that by holding SHIFT and clicking on the restart button using your mouse)
  4. Once you click on the restart button, lift your finger off the SHIFT key and hold CTRL and do NOT lift your finger off it.
  5. If you did everything properly, a shell will spawn with unrestricted access to the BitLocker protected volume.

(...)

Also for whatever reason, only Windows 11 (+Server 2022/2025) are affected, Windows 10 is not.


cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
