I'm looking for someone who has received one of the ominous unsolicited Instagram password reset e-mails around December 30, last year. I'd like to cross-check their Instagram data with the recent "leak". Appreciate a boost!
@christopherkunz
Security and compliance nerd, sword fighter. Opinions are my own, not my employer's. Other social media profiles: Mastodon: @christopherkunz@chaos.social LinkedIn: https://www.linkedin.com/in/christopherkunz/
A recent leak of the BreachForums user table gave interesting insights into the most popular e-mail providers for Breached.
By far the most accounts are on Googlemail (n=240736), followed by Proton (n=43319). 9th most popular is DNMX (n=2077), followed by the long tail (n=12418).
Sorry, this could not wait until next #diday - I just deactivated my X account. The recent shitshow around Grok creating deepfake thirst traps is just too appalling.
Here's hoping that Bluesky won't suffer the same fate of enshittification.
Nominees for the insecurity appliance bingo 2026
Let's try and crowdsource this. A couple candidates are a given:
- Fortinet, the 2025 winner
- Ivanti, the runner-up
One comment for each vendor who you'd like to include, and I'll try to count each "like" for that comment as one vote for the vendor.
Just out of curiosity - the speaker's Russian sounds very indistinct, almost slurred, to me. Is this normal colloquial Russian or does he have some kind of accent? Or is he just mumbling a little?
BINGO TIME! With CVE-2025-58034, Fortinet secures the crown in my Insecurity Appliance Bingo. This is technically a "high" severity vuln, but since it's being actively exploited and has landed a spot on CISA KEV, I'm admitting it.
cku.gt/appbingo25
The "ls -laR" of the Red Hat data breach by Scattered Lapsus$ Hunters -- err Crimson Collective -- is, put into a text file, 2 GB. That's a heck of a breach.
% wc -l REDHAT_GIT_LS.txt
37665671 REDHAT_GIT_LS.txt
No need to blur the IDs, they are just transaction IDs. I never publish images with valid PII.
Valve stated that they aren't traceable to Steam user accounts - the only traceable info is phone numbers.
Even Netscape Communicator was already a CPU hog, IIRC…
Category "Articles whose title hasn't changed since 1996".
OK, interesting day so far. A lot of different ideas, initiatives and possible solutions to the MITRE CVE blackout are being floated and I kind of lost track. So I wrote it down here: heise.de/-10354564
Time will tell what happens, and I'll update the article as soon as official info is out.
Interesting day with lots of ideas and new concepts (and even a new vulnerability database) around CVE/MITRE. I have written the whole thing up as of roughly 16:00:
heise.de/-10354324
If anything changes, I'll try to update it.
I have upgraded the Insecurity Appliance Bingo to reflect the recent Fortinet advisory about a persistent backdoor. I also decided to include the Palo Alto auth bypass CVE-2025-0108 in the bingo although it's not "critical" (but barely). It is being actively exploited.
cku.gt/appbingo25
Hello @spiegel.de, by the way, it is also false balancing to frame everything that right-wing cranks rant against as "controversial". Le Pen was convicted under applicable law; just because people rail against it in fascist pubs, the verdict is not in doubt.
www.spiegel.de/ausland/le-p...
The customer list is almost certainly comprised of domain parts of e-mail addresses. There are domains like "fakeemail123.com" in there, most freemail providers and also fbi[.]gov - it's unscrubbed stuff with lots of fake info (for free Oracle Classic Cloud test accounts, I guess).
The review sample is still lying on my desk in front of me, but I wasn't entirely convinced. My good old Flipper is closer to my heart after all. Do you have any interesting experiments with the T-Embed CC1101 (and Bruce/Capibara) up your sleeve?
At long last (two weeks without a critical vuln!), there's a new insecurity appliance entry. And it's... *drumroll* Ivanti again! With an almost classic Auth RCE due to a stack-based buffer overflow (CVE-2024-22467), they are creeping into Bingo territory. Only two more cells to go!
heise.de/-10257031 Firmware and bootloader bugs. But none of them are "critical", so I'm not adding them to the bingo sheet for now. Of course, if someone were to chain these bugs with another one and build an exploit chain with a persistent backdoor...
We have a new entry in the #2025securitybingo - SonicWall has an interesting RCE opportunity in their SMA1000 series. 9.8/10, that merits inclusion on my bingo card.
Three vendors down, three to go. We're halfway there!
Christian must be having a fit with so much name similarity!
A Series Of Unfortinet Events:
There's a bunch of new CVEs, at least one of them critical. There's an attack campaign against unsecured web UIs. Aaaand there's a leak of fifteen thousand config files plus VPN passwords. I took a closer look here: www.heise.de/en/news/Unkn...
Latest version of the 2025 (in)security appliance bingo adds CVE-2024-55591 / FG-IR-24-535 to the list. Thanks to watchTowr for reporting it, and thanks to various Fediverse users for alerting me to it. cku.gt/appbingo25
Fortinet admins: Go and patch your stuff. This is being exploited ITW.
That's roughly how the "Awakening" begins in Shadowrun, IIRC: volcanic eruptions in the Eifel. Next up: a dragon. Not that it would particularly surprise me anymore…
This sounds like they are taking the phrase "dead letter box" a little too literally.
I have seen numerous news items about the purported "new PayPal account takeover attack".
To any of the people who wrote said items: Have you tried the attack vector?
I have, and I cannot reproduce the attack. There are various screen shots here: heise.de/-10234666
Is this a hoax? Fixed?
Last bingo post for today, I promise.
I fleshed this out a little more. You can find the (In)Security Appliance Bingo 2025 in proper, two-dimensional form here:
cku.gt/appbingo25
Suggestions and submissions very welcome.
(In)Security appliance critical vuln list, 2025 edition, first issue, v3:
- SonicWall
- Ivanti
- Cisco
- Sophos
- FortiGate
- Palo Alto
(X means pwned, check mark means "not pwned yet".)
Only new vulns, only critical vulns. Vendor CVSS score counts unless it's clearly wrong.
(In)Security appliance critical vuln list, 2025 edition, first issue, v2:
- SonicWall
- Ivanti
- Cisco
- Sophos
- FortiGate
- Palo Alto
(X means pwned, check mark means "not pwned yet".)
Only new vulns, only critical vulns. Vendor CVSS score counts unless it's clearly wrong.