Mastodawn

🔥 New in Vulnerability-Lookup: KEV Catalog Coverage!

🔥 New in Vulnerability-Lookup: KEV Catalog Coverage! - Lemmy

Vulnerability-Lookup now provides a coverage matrix on its KEV catalogs page, showing which Known Exploited Vulnerability catalogs (e.g. EUVD KEV, CISA KEV, CIRCL KEV) reference the most recently updated vulnerabilities. Each row corresponds to a vulnerability and each column to a catalog, making it straightforward to identify overlaps and gaps between KEV sources. All catalogs follow the GCVE-BCP-07 [https://gcve.eu/bcp/gcve-bcp-07/] standard for documenting actively exploited vulnerabilities. The coverage matrix is available at: https://vulnerability.circl.lu/kev-catalogs [https://vulnerability.circl.lu/kev-catalogs] If a Vulnerability-Lookup instance is pulling more KEV catalogs, more columns will be automatically shown in the table. [https://lemmy.ml/pictrs/image/afac4519-1f8a-401d-879f-da529b84f0b1.png]

Martin Schmiedecker 1d ago

Cedric 1d ago

The coverage matrix is available at:

https://vulnerability.circl.lu/kev-catalogs

#KEV #OpenSource #Vulnerability #VulnerabilityManagement

Martin Schmiedecker 1d ago

Ei/Ψ 4d ago

We have just opened registration for Security in Times of Surveillance 2026, which will take place 26 June in Eindhoven. https://eipsi.win.tue.nl/surveillance.html
Speakers include
* Martin Albrecht @malb King's College London
* Chloé Berthélémy @chlobemy Senior Policy Advisor EDRi
* Rikke Bjerg Jensen, Royal Holloway University London
* Thomas Lohninger @socialhack epicenter.works
* Björn Ruytenberg @0Xiphorus Vrije Universiteit Amsterdam
* Carmela Troncoso @carmelatroncoso , Max Planck Institute for Security and Privacy

Martin Schmiedecker 1d ago

jomo 1d ago

Bumsrakete being delivered to the corporate infosec world

#bumsrakete #infosec

Martin Schmiedecker 1d ago

Usenix WOOT Conference on Offensive Technologies

1d ago

Constant time programming is the primary defense against timing attacks, but the meaning of the term actually varies. On a key loading case study, Brumley finds BoringSSL's leak orders of magnitude stronger than OpenSSL's, despite, surprisingly, a stricter threat model.

Martin Schmiedecker 1d ago

leyrer 1d ago

US Congress failed to extend the "Section 702", the surveillance law allowing for the "legal" data grab from European citizens and companies. The EU always pretended there was no violation of EU law and safeguards were adequate.
https://www.politico.com/news/2026/06/11/spy-law-on-track-to-lapse-after-house-rejects-extension-00958420

Spy law on track to lapse after Congress rejects extension

The vote effectively ensures Section 702 will expire for the first time since it was enacted in 2008.

Politico

Martin Schmiedecker 1d ago

stacksmashing 1d ago

My DEF CON talk "Hacking jetskis - from Sea-Don't to Sea-Doo" got accepted 🥳

We'll be having some good fun - such as bypassing the immobilizer using a custom Flipper Zero app, building a custom diagnostic adapter, and some big plot-twists 🛥️

Martin Schmiedecker 1d ago

JRT 2d ago

This is next level infosec shitposing:

"It is the FreeBSD analogue of Linux's Dirty Pipe, CopyFail, Fragnesia, and Dirty Frag — except we gave it a BETTER name, with a BETTER logo, on a BETTER website. The other bug websites? Disasters. Sad. Many people have told us this."

https://bumsrake.de/
#CVE202645257

BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME.

BUMSRAKETE is a HUGE, TREMENDOUS, MANY-PEOPLE-ARE-SAYING FreeBSD kTLS-RX page-cache write primitive. The BEST primitive. Some say the best ever.

Martin Schmiedecker 2d ago

BSidesVienna.at 2d ago

We have one more surprise for you! The final batch of #BSidesVienna tickets will be released next week. Keep an eye on our channels to make sure you get yours before they all sell out!