DFN-CERT

@dfncert@infosec.exchange

🚀 RansomLook 1.9.0 – Sunny Release 🌞

We’re excited to announce version 1.9.0 of RansomLook, marking a major milestone:
👉 2,000 onion sites monitored! 🎉

This release improves stability, extends coverage, and strengthens resilience against unstable or short-lived leak sites.

https://github.com/RansomLook/RansomLook/releases/tag/1.9.0

https://ransomlook.io

#ransomware #cti #threatintel #threatintelligence


We are pleased to announce the release of MISP v2.5.18, featuring a brand-new on-demand correlation engine, new improved task scheduling, Forgejo CI integration, and a wide range of fixes and refinements.

#misp #threatintelligence #cti #tip #cybersecurity #opensource

For more details: https://www.misp-project.org/2025/08/20/misp.2.5.18.released.html/


Did you miss Mikko Hyppönen's keynote at the Black Hat this year?

Don't worry, we got you covered with a recording of his keynote ... from our lovely conference 😉

Watch it here folks and have a great weekend:
https://www.youtube.com/watch?v=wuIhoZ97UkE

Mikko Hyppönen - Opening Keynote: What I’ve Learned

YouTube

Intrusion detection in industrial control systems with comprehensible alarms and no extensive expert knowledge required? Check out our (Fraunhofer FKIE and RWTH Aachen University) work on GeCo 🦎 to realize generalizable and comprehensible industrial intrusion detection.

1/3

Recertification as Information Security Officer (ISB), Nov 2025

🏖️ Looking for some summer reading? From the DFN-Mitteilungen:

"To sign or not to sign – that is the question!" 🔐

Can certificates from the DFN-PKI be used to sign PDF documents as well as e-mails? A seemingly simple question with a surprisingly complex answer.

What exactly digital signatures accomplish is explained in the article in the current issue of the #DFN_Mitteilungen:
👉 https://www.dfn.de/to-sign-or-not-to-sign-that-is-the-question/
@dfncert

#DigitaleSignatur #DFNPKI #Sicherheit #Authentizität #DigitaleVerwaltung

SonicWall now claims 347-Day:
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430

> We now have high confidence that the recent SSLVPN activity is **not connected to a zero-day vulnerability**. Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in our public advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015.

> We are currently investigating fewer than 40 incidents related to this cyber activity. Many of the incidents relate to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over during the migration and not reset. Resetting passwords was a critical step outlined in the original advisory.

"Critical Step" as in

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015#:~:text=Recommended%20Actions

> SonicWall strongly recommends that all users of GEN5 and GEN6 firewalls with locally managed SSLVPN accounts immediately update their passwords to enhance security and prevent unauthorized access. Administrators must enable the "User must change password" option for each local account. Alternatively, they can use a bulk change automation script available [at] https://github.com/sonicwall/sonicos-automation.

I learned an incredible amount from this chat I had with @adulau and @cedric about @gcve

I'm still working through all the details, but I'm starting to suspect #GCVE solved many of the problems with vulnerability data I've been complaining about for a very long time

If you do anything with vulnerabilities this one is worth a listen

https://opensourcesecurity.io/2025/2025-08-gcve-cedric-alex/

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

In this episode I discuss GCVE and Vulnerability-Lookup with Alex and Cedric from CIRCL. GCVE offers a decentralized approach, allowing organizations to assign their own IDs and publish vulnerabilities independently. Vulnerability-Lookup is the tool that makes GCVE a reality. The flexibility addresses many of the limitations we see today with a single centralized ID system. The work happening by CIRCL on GCVE is very impressive, with all the current CVE turmoil, this is a project we should all be paying attention to.

Open Source Security

Something is off at SonicWall:
https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430

> Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled.

Kudos to @huntress, Arctic Wolf, h/t @shadowserver for the timely update

We’re excited to welcome SURFcert to the Shadowserver Alliance as a Bronze Tier Partner!

Together with SURFcert and fellow Alliance Partners, we’re making the Internet more secure for all.

Read more about SURFcert: https://www.surf.nl/en
@SURF

Become a Shadowserver Alliance Partner today: https://www.shadowserver.org/partner/