Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

submitted 19 hours ago by cm0002@lemy.lol to c/cybersecurity@infosec.pub

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Vulnerability-Lookup 5.0.0 released (www.vulnerability-lookup.org)

We are thrilled to announce the release of Vulnerability-Lookup 5.0.0!

This major release centers on a new CNA-compliant API for managing the vulnerabilities of your local source, together with deep Vulnogram integration, a continued UI refresh, and a long list of stability and correctness fixes.

A special thank you to Niclas Dauster for the substantial contribution behind the new CNA-interoperable API (#398).

What's New

CNA- and GNA-Compatible Vulnerability Management

Vulnerabilities in your local instance can now be managed in a CNA-interoperable way through a dedicated API.

It streamlines Coordinated Vulnerability Disclosure (CVD) through a built-in Vulnogram integration compatible with both CVE 5.2 and GCVE-BCP-05, allowing CNAs and GNAs to publish advisories and synchronize with other instances regardless of the identifier format used.

The new API endpoint is partially interoperable with existing CNA endpoints from the CVE program, building on its solid foundation to enable a compatible and unified system for publishing vulnerability information. The API may be refined in upcoming releases based on feedback from adopters. We firmly believe that interoperable, reusable open-source components are key to preventing fragmentation in the vulnerability ecosystem.

We also welcome other vulnerability publication programs to extend this API to support their specific use cases or new models that could further improve automation in vulnerability handling.

Vulnogram integration

Vulnogram now drives ID reservation and vulnerability data management within vulnerability-lookup directly through the new CNA-interoperable API:

  • a dialog to view and reserve identifiers,
  • range-document creation,
  • state filtering,
  • reject and delete actions,
  • reserved IDs inserted directly into the form.

Configurable identifier allocation

You can now configure GCVE identifier allocation ranges for reservation. A bin script is also provided to migrate existing data to the new GNA ID format.

Website improvements

  • A new /kev-catalogs view listing all KEV catalogs.
  • Recent sightings are now rendered inside a dedicated home page tab.
  • Related vulnerabilities on the CWE detail page are now paginated (#406).

API

  • IPs/CIDRs can now be allowlisted to exempt them from the /api read rate limits.

Changes

  • UI refresh — We introduced a shared card design language (rounded cards, soft hover, brand-tinted leading icon badges) and applied it across the About, home, /recent and vulnerability pages. The About page gains a hero banner, feature highlights and live stats; the source dropdown on the recent vulnerabilities page was improved; popover triggers on vulnerability views were harmonized; and the sightings correlations tabs were reorganized. More UI improvements will come in future releases.
  • Production reference architecture — The documentation now includes a production reference architecture (HAProxy, Varnish, CDN, dumps and configuration examples).

Fixes

It also addresses a number of other issues:

  • UI — Preserve the VLAI popover header when refreshing content; align right-side navbar dropdowns to prevent overflow.
  • Website — Make Choices.js search inputs readable in the dark theme; repopulate the product list when the vendor changes on the search page; propagate config DEBUG=True to the FLASK_DEBUG environment variable.
  • Core — Add a timeout to graceful shutdown to prevent an infinite loop (#409).
  • API — Correct the per_page range check across the remaining endpoints, including rulezet and user (#411).
  • Docker — Use the kvrocks container name in .env.sample (#407).
  • Typing — Assorted mypy/typing fixes and Python 3.11 f-string compatibility.

Migration Notes

A bin script is provided to migrate existing local-source data to the new GNA ID format.

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v5.0.0

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/

cross-posted from: https://lemmy.sdf.org/post/53682797

The operation resulted in the seizure of approximately 800 servers and the arrest of two individuals, marking a major milestone in the fight against cyberattacks and digital disinformation campaigns.

[...]

The network, comprising several companies, included Stark Industries, WorkTitans/B.V., and Mirhosting, all of which are suspected of playing key roles in supporting cyberattacks and destabilization campaigns.

[...]

The European Union had previously imposed sanctions on certain entities connected to this network, but investigators found evidence that operations continued through a newly created Dutch entity, suspected of acting as a front company to bypass sanctions and regulatory controls.

FIOD conducted coordinated raids across multiple locations, seizing hundreds of servers, laptops, mobile phones, and extensive administrative records.

[...]

The case underscores that modern cyberattacks rely not only on hacking tools and malicious software but also on highly organized hosting and networking infrastructure that operates across multiple jurisdictions.

[...]

Off-Topic Friday (infosec.pub)

Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)

Work wifi access (thelemmy.club)

So I work at a factory. It's decent work, pays the bills. But I burn through my monthly data in a week from browsing my phone on breaks. I know there's company wifi all over the building, but it's intended for the office drones, not the plebs like me on the factory floor.

Some of the guys I've worked with knew the password and could use the wifi, but everyone I asked refused to share the password with me. I guess they didn't want to risk getting in trouble? 🤷‍♂️

Anyway, a while back I learned about these pwnagotchi things, and from what I've found it would be exactly what I need to sniff out the password myself. But is this right?

Could someone who knows more about this tell me if I'm on the right track or not? Would this work, or would something else do better?

For the record, I only browse lemmy and a little Facebook at work, I'm not looking to download a bunch of stuff or bring a laptop to game on or anything. Just want to poke around the internet without using all my monthly data.

A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively.

The operation has been active since at least mid-2022 and targeted organizations across the Asia Pacific and parts of the Middle East. It was attributed to the Calypso threat group, also tracked as Red Lamassu.

According to researchers at Lumen's Black Lotus Labs and PwC Threat Intelligence, the threat actor set up and used multiple telecom-themed domains to impersonate their targets.

Vulnerability-Lookup 4.6.0 (www.vulnerability-lookup.org)

We are excited to announce the release of Vulnerability-Lookup 4.6.0!
This version brings more transparency, new data sources, API improvements, notable UI enhancements, and several performance and stability fixes.

What's New

VLAI model transparency

The VLAI badge popover now surfaces the exact model name and revision used for a given analysis, with direct links to the HuggingFace model card and the revision commit. This is particularly useful as we regularly update our AI models and publish new versions on HuggingFace, making it easy to track exactly which model version produced a given result.

Moksha feeder

A new feeder for Moksha has been added, mirroring the indexing pattern used by the cvelistv5 source. Because Moksha is accessible over Tor, the feeder requires a local Tor instance and is disabled by default.

[Screenshot: Recent vulnerabilities page filtered to the Moksha source, listing MOKSHA-2026 entries for XenServer (Cloud Software Group) with CVSS scores, short descriptions, and publication dates]

KEV catalog on the homepage and search results

The latest entries from CISA's Known Exploited Vulnerabilities (KEV) catalog are now displayed directly on the homepage. KEV catalog badges also appear on the search results page, giving you an immediate signal when a vulnerability is actively exploited in the wild.

Improved CSAF advisory display

CSAF advisories now show a structured per-status product table derived from the product_tree, and the /recent page loads only the selected source with its own pagination — making it faster to browse recent activity.

API additions

  • A new with_meta parameter on the vulnerabilities list endpoint lets consumers fetch enriched metadata in a single call.
  • Optional, tier-aware rate limits can now be applied to vulnerability read endpoints.
  • A machine-readable access policy endpoint is available for automated consumers.

Changes

  • Performance improvements — Hot read endpoints are now cached with a Redis backend, full-text index writes are batched, and homepage sighting statistics are computed via a dedicated aggregated endpoint. These changes significantly reduce load under traffic spikes.
  • Homepage and template updates — The home page displays more information at a glance; the sources list on the About page is now in a collapsible accordion; Moksha is available in the /recent source menu.
  • ML-Gateway — The gateway response now includes the model name and revision, which are forwarded by the API (project page).
  • Dependencies — Python dependencies have been updated.

Fixes

This release includes a number of stability and correctness fixes: rate-limiter accuracy improvements (correct client IP resolution, dedicated Redis backend), Flask-Caching Redis pool reliability under gunicorn/gevent, EPSS badges on search results, timezone-aware timestamps for comments and bundles, restricted comment editing to authorized users only, and several minor UI and template corrections.

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.6.0

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/
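As an added, illustrative example (not code from Vulnerability-Lookup itself), here is how the two rate-limiter points in these release notes fit together: the 5.0.0 note about allowlisting IPs/CIDRs to exempt them from the /api read limits, and the 4.6.0 fix for correct client IP resolution. Behind the HAProxy/Varnish/CDN tier of the reference architecture the app sees a proxy as its TCP peer, so the real client address has to come from X-Forwarded-For, but that header is attacker-supplied unless the peer is a proxy you trust. The trusted-proxy list, the allowlist, the bucket key format and the small in-memory limiter are all assumptions made for this example; the project's own mechanism is not shown on this page.

```python
import ipaddress
import time
from typing import Dict, Iterable, Optional, Tuple, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed configuration for this example (not the project's settings):
# the reverse-proxy tier in front of the app, and the clients that are
# exempt from the /api read rate limit.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32", "::1/128")]
READ_LIMIT_ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::1/128")]


def _parse_ip(text: str) -> Optional[IPAddress]:
    """Parse one address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so a
    client cannot get a fresh bucket, or dodge the allowlist, by changing notation."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def _in_any(addr: IPAddress, nets: Iterable[IPNetwork]) -> bool:
    # Mixed-version membership tests are simply False, which is what we want here.
    return any(addr in net for net in nets)


def resolve_client_ip(remote_addr: str, forwarded_for: Optional[str],
                      trusted: Iterable[IPNetwork] = TRUSTED_PROXIES) -> str:
    """Return the real client address as a string.

    X-Forwarded-For is honoured only when the TCP peer is one of our proxies;
    otherwise anyone can write a spoofed address into the header and choose
    their own rate-limit bucket (or an allowlisted one). Hops are walked from
    the right, skipping trusted proxies; the first untrusted hop is the client.
    """
    peer = _parse_ip(remote_addr)
    if peer is None:
        raise ValueError(f"invalid remote address: {remote_addr!r}")
    trusted = list(trusted)
    if not forwarded_for or not _in_any(peer, trusted):
        return str(peer)
    hops = [h for h in forwarded_for.split(",") if h.strip()]
    for raw in reversed(hops):
        hop = _parse_ip(raw)
        if hop is None:
            return str(peer)  # garbage before any untrusted hop: do not guess
        if not _in_any(hop, trusted):
            return str(hop)
    # Every hop is one of our own proxies: an internal client, leftmost entry.
    return str(_parse_ip(hops[0])) if hops else str(peer)


def rate_limit_key(remote_addr: str, forwarded_for: Optional[str],
                   allowlist: Iterable[IPNetwork] = READ_LIMIT_ALLOWLIST,
                   trusted: Iterable[IPNetwork] = TRUSTED_PROXIES) -> Optional[str]:
    """Bucket key for the read limiter, or None when the resolved client is exempt."""
    client = _parse_ip(resolve_client_ip(remote_addr, forwarded_for, trusted))
    assert client is not None  # resolve_client_ip only returns parseable addresses
    if _in_any(client, allowlist):
        return None
    return f"api-read:{client.compressed}"


class FixedWindowLimiter:
    """Minimal in-memory fixed-window counter (an INCR/EXPIRE pair in Redis in production)."""

    def __init__(self, limit: int, window_seconds: int) -> None:
        self.limit = limit
        self.window = window_seconds
        self._buckets: Dict[str, Tuple[float, int]] = {}  # key -> (window start, count)

    def allow(self, key: Optional[str], now: Optional[float] = None) -> bool:
        if key is None:  # exempt client: never counted
            return True
        now = time.time() if now is None else now
        start, count = self._buckets.get(key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        count += 1
        self._buckets[key] = (start, count)
        return count <= self.limit


if __name__ == "__main__":
    # Direct connection claiming an allowlisted address: header ignored, still limited.
    print(rate_limit_key("203.0.113.5", "192.0.2.10"))
    # Via a trusted proxy, spoofed leftmost entry is skipped, real client found.
    print(resolve_client_ip("10.0.0.7", "192.0.2.10, 198.51.100.9, 10.0.0.3"))
    # Genuine allowlisted client behind the proxy: exempt.
    print(rate_limit_key("10.0.0.7", "192.0.2.10, 10.0.0.3"))
```

The order of the checks is the point: exemption is decided on the resolved client, never on the raw header, so an allowlisted CIDR cannot be borrowed by a direct connection that simply writes it into X-Forwarded-For.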


cybersecurity

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

founded 3 years ago