Working on a ~2008 dream gaming computer running Vista (in an old server)
Any clever ways to connect to the Internet safely to update drivers, security, etc? I'd only want to connect to Intel, AMD, Microsoft, etc, and then would physically disconnect the lan card. I know, dangerous, but I'm trying a piecemeal approach with a flash drive and getting mixed results. I tried to update to Service Pack 2, and it bricked the computer on restart, back to flashing Vista.
14 votes -
CISA extends funding to ensure 'no lapse in critical CVE services'
15 votes -
MITRE support for the Common Vulnerabilities and Exposures (CVE) program will expire tomorrow
A letter to CVE board members posted to bluesky a few hours ago reveals that MITRE funding for the Common Vulnerabilities and Exposures (CVE) program is about to expire. Haven't found any good articles that cover this news story yet, but it's spreading like wildfire over on bluesky.
Of course this doesn't mean that the CVE program will immediately cease to exist, but at the moment MITRE funding is absolutely essential for its long-term survival.
In a nutshell CVEs are a way to centrally organize, rate, and track software vulnerabilities. Basically any publicly known vulnerability out there can be referred to via their CVE number. The system is an essential tool for organizations worldwide to keep track of and manage vulnerabilities and implement appropriate defensive measures. Its collapse would be devastating for the security of information systems worldwide.
How can one guy in a position of power destroy so much in such a short amount of time..? I hope the EU will get their shit together and fund independent alternatives for all of these systems being butchered at the moment...
Edit/Update 20250415 21:10 UTC:
It appears Journalist David DiMolfetta confirmed the legitimacy of the letter with a source a bit over an hour ago and published a corresponding article on nextgov 28 minutes ago.
Edit/Update 20250415 21:25 UTC:
Brian Krebs also talked to MITRE to confirm this news. On infosec.exchange he writes:
I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.
MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject
Edit/Update 20250415 21:37 UTC:
Abovementioned post has been supplemented by Brian Krebs 5 Minutes ago with this comment:
Hearing a bit more on this. Apparently it's up to the CVE board to decide what to do, but for now no new CVEs will be added after tomorrow. the CVE website will still be up.
Edit/Update 20250416 08:40 UTC:
First off here's one more article regarding the situation by Brian Krebs - the guy I cited above, as well as a YouTube video by John Hammond.
In more positive news: first attempts to save the project seem to emerge. Tib3rius posted on Bluesky about half an hour ago, that a rogue group of CVE board members has launched a CVE foundation to secure the project's future. It's by no means a final solution, but it's at least a first step to give some structure to the chaos that has emerged, and a means to manage funding from potential alternative sources that will hopefully step up to at least temporarily carry the project.
Edit/Update 20250416 15:20 UTC:
It appears the public uproar got to them. According to a nextgov article by David DiMolfetta the contract has been extended by 11 months on short notice just hours before it expired...
Imo the events of the past 24 hours will leave their mark. It has become very clear that relying on the US government for such critical infrastructure is not a sustainable approach. I'm certain (or at least I hope) that other governments (i.e. EU) will draw appropriate consequences and build their own infrastructure to take over if needed. The US is really giving up their influence on the world at large at an impressive pace.
55 votes -
Breaking out of VRChat using a Unity bug (2024)
10 votes -
Blackhat hacker 'EncryptHub' behind vibe-coded ransomware unmasked due to opsec mistakes in ChatGPT-created infrastructure
20 votes -
Paged out! issue 6
18 votes -
PassKey account takeover in all mobile browsers (via Bluetooth)
21 votes -
8 million requests later, we made the SolarWinds supply chain attack look amateur
10 votes -
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
18 votes -
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
50 votes -
Too many people don’t value the time of security researchers
22 votes -
Remote code execution via MIDI messages
13 votes -
Misogynist hacker who threatened the wrong woman (hacker) and found out
23 votes -
Anyone can access deleted and private repository data on GitHub
46 votes -
Simple ways to find exposed sensitive information
9 votes -
This GitHub profile has a custom background
31 votes -
Four in five CISOs have been told to downplay a potential risk’s severity
9 votes -
Significant cyber incidents | Strategic technologies program
1 vote -
Cybercriminals pose as "helpful" Stack Overflow users to push malware
19 votes -
Bug in glibc's iconv() function allows for RCE in PHP servers by setting charset to ISO-2022-CN-EXT to trigger buffer overflow (CVE-2024-2961)
9 votes -
When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate
17 votes -
Twitter replaces twitter.com with x.com without user consent. Bad implementation invites an influx of Phishing attacks. (german source)
48 votes -
Critical vulnerability in Rust's Command library allows for command injection when using its API to invoke batch scripts with arguments on Windows systems (CVE-2024-24576)
18 votes -
Backdoor in upstream libxz targeting sshd
104 votes -
White House to Developers: Using C or C++ Invites Cybersecurity Risks
5 votes -
Your security program is shit
63 votes -
EU Cyber Resilience Act: What does it mean for open source?
13 votes -
Now Open: 2023 SANS Holiday Hack Challenge & KringleCon
1 vote -
Immersive Labs "Haunted Halloween" Challenges 2023
Hey everyone! Just wanted to share that Immersive Labs has rolled out their "Haunted Halloween" challenges for 2023. For those unfamiliar, Immersive Labs offers a platform for interactive, gamified learning in the realm of cybersecurity. They've been known to host challenges that test and enhance cyber skills.
You can sign up for free using code HAUNTEDHOLLOW to try it out hubs.ly/Q026LTZV0.
Now, I'm not posting this solely out of altruism. I could use some help on the 'Mirrored Mayhem' task.
Spoiler Alert: Details about the challenge below
I've managed to get the RCE. I've crafted a PNG and successfully executed remote code. However, I'm only able to find the 'webapp-token'. I'm at a loss when it comes to the 'user-token' or 'root-token'. The 'whats in the mirror?' file isn't giving me any leads either. I've also got a username/password from it but can't figure out where to use them.
Would appreciate any pointers or hints from anyone who's tackled this challenge. Thanks in advance!
4 votes -
An analysis of Cloudflare's email address obfuscation
5 votes