https://www.europesays.com/2183857/ Banks in S. Korea, Taiwan, Thailand #Economy #outlook #RetailNews #RetailProblems #retailers #sector #SouthKorea #vulnerabilities
(Maybe intentional, maybe unintentional) deceptive advisories 101: https://certvde.com/en/advisories/VDE-2025-052/ .
The actual vulns here are OS command injection issues (CWE-78). The webapp just so happens to be vulnerable to CSRF too, so they use CWE-352, but honestly nobody in their right mind gives a crap about CSRF as a top priority item.
There are multiple ways to exploit the bugs. The score/vector in the advisory is technically correct, but you could also exploit the bug (or series of bugs) as 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) or 9.9 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) depending on the privilege required to do the OS command injection. But honestly the 'what privilege required' becomes moot when you search the user manual for default credentials....
Whether the deception is intentional or not, who knows, it is what it is. Attackers are never* gonna use CSRF, but they are absolutely positively going to abuse command injection (even authenticated command injection), especially against devices which have 1) a cellular modem and 2) published default credentials that are incredibly easy to learn.
This is all an example of the fact that CVSS does not score a vulnerability, but rather scores one exploitation method of a vulnerability. There are often multiple ways to interpret 'a vuln'. In this case the advisory probably should have reserved more CVEs anyway: some to cover the CSRF, and others to cover the command injection bugs (the fixes for each are most likely distinct code changes, so worthy of independent CVEs, but I digress).
And sorry for the sales pitch: this is the kind of thing that we manually review all week, every week, and publish details about in our Worldview reports: https://www.dragos.com/dragos-worldview/
Secure Boot just got a wake-up call—hackers are now exploiting a new flaw to slip bootkit malware past our digital bouncer. Ever wonder how secure your system really is?
https://thedefendopsdiaries.com/navigating-the-challenges-of-secure-boot-vulnerabilities/
Latest issue of my curated #cybersecurity and #infosec list of resources for week #23/2025 is out!
It includes the following and much more:
Cartier announced a #databreach;
Microsoft and CrowdStrike are working together to connect the different names used for hacking groups;
German authorities have identified Vitaly Nikolaevich Kovalev as the leader of the #TrickBot cybercrime gang;
Over 30 #Vulnerabilities Patched in #Android;
Microsoft has launched a free European Security Program to enhance cybersecurity for #EU governments;
#Microsoft Helps India CBI Dismantle Indian Call Centers;
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-23-2025
The VLAI Severity model is accessible via API. Here is a simple example from a recent Ivanti vulnerability description from their vulnerability webpage.
The VLAI Security model for vulnerabilities is accessible via vulnerability-lookup and the public instance operated by CIRCL.
So, if you have a vulnerability description, you can quickly assess it to get a general idea of its severity.
curl -X 'POST' \
'https://vulnerability.circl.lu/api/vlai/severity-classification' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{ "description": "Ivanti has released updates for Ivanti Neurons for ITSM (on-prem only) which addresses one critical severity vulnerability. Depending on system configuration, successful exploitation could allow an unauthenticated remote attacker to gain administrative access to the system. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. We have included an environmental score to provide customers with additional context on the adjusted risk of this vulnerability with typical use cases. Customers who have followed Ivanti guidance on securing the IIS website and restricted access to a limited number of IP addresses and domain names have a reduced risk to their environment. Customers who have users log into the solution from outside their company network also have a reduced risk to their environment if they ensure that the solution is configured with a DMZ." }'
and the result
{
"severity": "Critical",
"confidence": 0.9256
}
#cve #ivanti #vulnerability #vulnerabilitymanagement #vulnerabilities
For more details: https://www.vulnerability-lookup.org/2025/05/22/vulnerability-lookup-2-10-0/#ai-powered-enrichment-using-our-in-house-ai-models
Do you remember the infamous Sony PlayStation Network hack? As a pivotal case study, this attack highlights the advancements in cybersecurity following one of history's most significant cyberattacks on cloud platforms.
European vulnerability database opens in case the dumbass Americans cut funding again.
https://www.infosecurity-magazine.com/news/european-vulnerability-database-us/
This time I'm begging you to update yo shit!
PSA: iOS 18.5 patches over 30 iPhone security vulnerabilities - 9to5Mac
Open source project #curl is sick of users submitting “AI slop” #vulnerabilities - Ars Technica
"One way you can tell is it's always such a nice report," founder tells Ars.
#aislop #ai #security
Okay. Every now and then, I may use some AI to help write something.
But if I can't articulate what's wrong or where something is broken to get it fixed, maybe I should leave that up to someone who can.
Open source project curl is sick of users submitting “AI slop” vulnerabilities
Open source project curl is sick of users submitting “AI slop” vulnerabilities https://arstechni.ca/LAhpm #vulnerabilities #bugreports #hackerone #security #Tech #curl #AI
Latest issue of my curated #cybersecurity and #infosec list of resources for week #18/2025 is out!
It includes the following and much more:
France has linked Russian APT to 12 #cyberattacks on French Orgs.;
Cybersecurity experts demand the reinstatement of Chris Krebs' security clearances and the withdrawal of the investigation;
#Vulnerabilities in Apple's #AirPlay Protocol;
New York's Metropolitan Transportation Authority plans to use #AI and cameras to detect potential subway crimes before they happen;
@SentinelOne Targeted by Chinese #PurpleHaze Group;
#Microsoft sets all new accounts #passwordless by default;
The #Trump administration plans to cut $491 million from #CISA's budget;
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-18-2025
Seven new GNAs have been registered on GCVE.EU!
We're glad to see the community grow and are open to new GNA applications.
JSON https://gcve.eu/dist/gcve.json
Why and How to become a GNA https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id
Latest issue of my curated #cybersecurity and #infosec list of resources for week #17/2025 is out!
It includes the following and much more:
Two top officials from #CISA resigned;
U.S. Defense Secretary Pete Hegseth caught in another information leak;
Yearly Threat Intelligence Reports Released;
U.S. lost record $16.6 billion to #cybercrime in 2024;
5.5 Million Patients Affected by #DataBreach at Yale New Haven Health;
VulnCheck spotted 159 actively exploited #vulnerabilities in first few months of 2025;
FBI is seeking public help to identify Chinese hackers known as #SaltTyphoon and offers $10 million reward;
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-17-2025
A Python client for the Global CVE Allocation System has been released.
by @cedric
Cybercriminals switch up their top initial access vectors of choice – Source: www.csoonline.com https://ciso2ciso.com/cybercriminals-switch-up-their-top-initial-access-vectors-of-choice-source-www-csoonline-com/ #ThreatandVulnerabilityManagement #IdentityandAccessManagement #rssfeedpostgeneratorecho #CyberSecurityNews #IncidentResponse #vulnerabilities #cyberattacks #Cybercrime #CSOonline #CSOOnline #Phishing
The first publication of the GCVE-BCP-01 - Signature Verification of the Directory File
More information about BCP https://gcve.eu/bcp/
GCVE-BCP-01 https://gcve.eu/bcp/gcve-bcp-01/
The digital signature of the directory file was added in response to requests from various open-source developers and GNAs.
#cve #gcve #vulnerabilities #opensource
FAQ https://gcve.eu/faq/#q13-is-the-json-file-distributed-by-gcve-signed-and-how-can-the-signature-be-verified
Directory file https://gcve.eu/dist/
New Research Alert: Attackers are exploiting a dangerous class of cyber flaws—resurgent vulnerabilities. Learn how they work, why they matter, and what defenders can do. Full analysis
#Cybersecurity #GreyNoise #Vulnerabilities