Cybersecurity

Late at night, I was testing a proof-of-concept (PoC) exploit for CVE-2020-35489 (https://github/[.]com/gh202503/poc-cve-2020-35489) that I found on GitHub. The repository looked legitimate, and in my exhaustion, I skipped the usual precautions. I cloned the repository and ran the script without inspecting its contents.

A few hours later, my system started behaving strangely. CPU usage was abnormally high, and after further investigation, I found that a hidden malware had infected my machine. Worse, my credentials, SSH keys, and other sensitive data had been stolen and uploaded to an attacker-controlled repository.

the EUVD comes with a holistic approach and aims for ensuring a high level of interconnection of information sources. It does so by leveraging the open-source software Vulnerability-Lookup which enables a quick correlation of vulnerabilities from multiple known sources. ... Utilising the Common Security Advisory Framework (CSAF), a standardised format for vulnerability advisories, the EUVD supports automation in the processing, consumption, and distribution of security advisories.

The EUVD collects and references vulnerability information collected from existing databases (such as MITRE’s CVE DB, GitHub's Advisory Database, JVN iPedia, GSD-Database), adds additional information via references to advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, and enriches it with exploited vulnerability markings (such as CISA KEV) and FIRST’s Exploit Prediction scores (EPSS).

(Note: ENISA has been tasked with establishing the EUVD as outlined in Article 12 of the NIS-2 Directive.)

• Invidious
• Youtube

"Our recommendation is to do what your antivirus software says especially in regards to this one (WinRing0) because again it's not a false positive; it's a true positive. This is a real potential vulnerability and if Windows quarantines WinRing0 we'd say let it happen.

If anyone tells you to ignore those warnings then treat those people or those groups with extreme skepticism. Again there are real vulnerabilities that have been used which can exploit your machine."

• Steve Burke from Gamers Nexus

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.

cross-posted from: https://lemmy.bestiver.se/post/328810

Comments

cross-posted from: https://midwest.social/post/26331167

This is an utter failure of oversight in governance. And likely a misappropriation of government funds.

What a colossally shortsighted decision.

Funding is about to run out for the Common Vulnerabilities and Exposures (CVE) program – a system used by major companies like Microsoft, Google, Apple, Intel, and AMD to identify and track publicly disclosed cybersecurity vulnerabilities. The program helps engineers identify how bad an exploit is and how to prioritize applying patches or other mitigations.

MITRE, the federally funded organization behind the program, confirmed to The Verge that its contract to “develop, operate, and modernize” CVE will expire on April 16th.

First launched in 1999, the CVE program houses a database where participating organizations can assign IDs to known cybersecurity vulnerabilities. The IDs consist of the letters “CVE” followed by a year and a number, such as CVE-2022-27254, allowing security professionals to monitor details about the vulnerabilities that may impact the devices we use every day and systems that contain information critical to practically everything we do.

Lukasz Olejnik, a security and privacy researcher, said in a post on X that a lack of support for CVE could “cripple” cybersecurity systems around the globe. “The consequence will be a breakdown in coordination between vendors, analysts, and defense systems — no one will be certain they are referring to the same vulnerability,” Olejnik wrote. “Total chaos, and a sudden weakening of cybersecurity across the board.”

“The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource,” Yosry Barsoum, MITRE’s vice president and director at the Center for Securing the Homeland, said in an emailed statement to The Verge. Barsoum also said the change will affect the Common Weakness Enumeration program, which catalogs hardware and software weaknesses.

The news was first spotted in a leaked letter to MITRE board members posted on X and Bluesky. MITRE receives funding from the US Department of Homeland Security (DHS) and the Infrastructure Security Agency (CISA) to “operate and evolve the CVE Program as an independent, objective third party,” according to a video about the program.

WASHINGTON, April 15 (Reuters) - The notorious internet messageboard 4chan has been hacked, according to posts circulating online, some of which said that a the hacker involved had revealed identifying details of the site's moderators to the public. The alleged hack first came to light when a defunct section of the site sprang back to life with the words "U GOT HACKED" emblazoned across the top, according to Wired magazine.

The Reuters Daily Briefing newsletter provides all the news you need to start your day. Sign up here. Alon Gal, co-founder of Israeli cybercrime monitoring company Hudson Rock, said the claim of a hack "looks legit," citing the publicly circulating screenshots purporting to show 4chan's backend infrastructure

• Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities across Europe.
• The campaign, which appears to be a continuation of a previous one that utilized a backdoor known as WINELOADER, impersonates a major European foreign affairs ministry to distribute fake invitations to diplomatic events—most commonly, wine tasting events.
• This campaign employs a new loader, called GRAPELOADER, which is downloaded via a link in the phishing email. In addition, we discovered a new variant of WINELOADER which is likely used in later stages of the campaign.
• While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool used for fingerprinting, persistence, and payload delivery. Despite differing roles, both share similarities in code structure, obfuscation, and string decryption. GRAPELOADER refines WINELOADER’s anti-analysis techniques while introducing more advanced stealth methods.

Mod IPs and emails leaked