Dr. Christopher Kunz
@christopherkunz.bsky.social
Security and compliance nerd, sword fighter. Opinions are my own, not my employer's.
Other social media profiles:
Mastodon: @[email protected]
LinkedIn: https://www.linkedin.com/in/christopherkunz/
The "ls -laR" of the Red Hat data breach by Scattered Lapsus$ Hunters -- err Crimson Collective -- is, put into a text file, 2 GB. That's a heck of a breach.

% wc -l REDHAT_GIT_LS.txt
37665671 REDHAT_GIT_LS.txt
October 6, 2025 at 1:54 PM
OK, interesting day so far. A lot of different ideas, initiatives and possible solutions to the MITRE CVE blackout are being floated and I kind of lost track. So I wrote it down here: heise.de/-10354564

Time will tell what happens, and I'll update the article as soon as official info is out.
After the impending CVE blackout: EU vulnerability database goes live
European cybersecurity authority ENISA, its US-counterpart CISA and others are positioning themselves to maintain continuity.
heise.de
April 16, 2025 at 3:12 PM
Interesting day with many ideas and new concepts (and even a new vulnerability database) around CVE/MITRE. I have written the whole thing down as of around 16:00:
heise.de/-10354324

If anything happens, I'll try to update.
After the impending end of CVE: EU vulnerability database launches
Alongside the EU cybersecurity agency ENISA, a CVE foundation and the US agency CISA, among others, are positioning themselves to maintain continuity.
heise.de
April 16, 2025 at 3:11 PM
I have upgraded the Insecurity Appliance Bingo to reflect the recent FortiNet advisory about a persistent backdoor. I also decided to include the Palo Alto Auth bypass CVE-2025-0108 in the bingo although it's not a "critical" (but barely). It is being actively exploited.
cku.gt/appbingo25
April 15, 2025 at 12:24 PM
Reposted by Dr. Christopher Kunz
Hello @spiegel.de, by the way, it is also false balancing to frame everything that right-wing cranks rant against as "controversial". Le Pen was convicted under applicable law; just because people rail against it in fascist pubs does not put this verdict in doubt.
www.spiegel.de/ausland/le-p...
Le Pen: Court of appeal wants to decide on ineligibility in 2026
Can right-wing populist Marine Le Pen still run in the 2027 French presidential election after all? After the controversial candidacy ban, the competent court announces a speedy appeal...
www.spiegel.de
April 1, 2025 at 7:15 PM
The test sample is still on the table in front of me, but I wasn't entirely convinced. My good old Flipper is closer to my heart after all. Do you have any interesting tinkering with the T-Embed CC1101 (and Bruce/Capibara) up your sleeve?
April 2, 2025 at 9:22 AM
At long last (two weeks without a critical vuln!), there's a new insecurity appliance entry. And it's... *drumroll* Ivanti again! With an almost classic Auth RCE due to a stack-based buffer overflow (CVE-2024-22467), they are creeping into Bingo territory. Only two more cells to go!
February 12, 2025 at 8:24 AM
heise.de/-10257031 Firmware and bootloader bugs. But none of them "critical", so I'm not adding them to the bingo sheet for now. Of course, if someone were to chain these bugs with another one and build an exploit chain with a persistent backdoor...
Palo Alto: Security vulnerabilities in firmware and bootloaders of firewalls
The firmware and bootloaders of some Palo Alto firewalls have security holes that allow attackers to establish persistence after attacks.
heise.de
January 27, 2025 at 8:47 AM
We have a new entry in the #2025securitybingo - SonicWall has an interesting RCE opportunity in their SMA1000 series. 9.8/10, that merits inclusion on my bingo card.

Three vendors down, three to go. We're halfway there!
January 23, 2025 at 3:22 PM
A Series Of Unfortinet Events:
There's a bunch of new CVEs, at least one of them critical. There's an attack campaign against unsecured web UIs. Aaaand there's a leak of fifteen thousand config files plus VPN passwords. I took a closer look here: www.heise.de/en/news/Unkn...
January 15, 2025 at 6:29 PM
Latest version of the 2025 (in)security appliance bingo adds CVE-2024-55591 / FG-IR-24-535 to the list. Thanks to watchTowr for reporting it, and thanks to various Fediverse users for alerting me to it. cku.gt/appbingo25

FortiNet admins: Go and patch your stuff. This is being exploited ITW.
January 15, 2025 at 7:54 AM
I have seen numerous news items about the purported "new PayPal account takeover attack".

To any of the people who wrote said items: Have you tried the attack vector?

I have, and I cannot reproduce the attack. There are various screenshots here: heise.de/-10234666

Is this a hoax? Fixed?
Does a new phishing scam allow PayPal accounts to be taken over?
In a blog article, a victim describes the criminals' approach. It cannot be traced, but Paypal may have already reacted.
heise.de
January 10, 2025 at 8:40 AM
Last bingo post for today, I promise.
I fleshed this out a little more. You can find the (In)Security Appliance Bingo 2025 in proper, two-dimensional form here:

cku.gt/appbingo25

Suggestions and submissions very welcome.
January 9, 2025 at 2:30 PM
(In)Security appliance critical vuln list, 2025 edition, first issue, v3:
✅ SonicWall
❌ Ivanti
✅ Cisco
✅ Sophos
✅ FortiGate
✅ Palo Alto
(X means pwned, check mark means "not pwned yet".)
Only new vulns, only critical vulns. Vendor CVSS score counts unless it's clearly wrong.
January 9, 2025 at 1:42 PM
(In)Security appliance critical vuln list, 2025 edition, first issue, v2:
❌ SonicWall
❌ Ivanti
✅ Cisco
✅ Sophos
✅ FortiGate
✅ Palo Alto
(X means pwned, check mark means "not pwned yet".)
Only new vulns, only critical vulns. Vendor CVSS score counts unless it's clearly wrong.
January 9, 2025 at 1:35 PM
(In)Security appliance critical vuln list, 2025 edition, first issue:
❌ SonicWall
❌ Ivanti
✅ Cisco
✅ Sophos
✅ FortiGate
(X means pwned, check mark means "not pwned yet".)
January 9, 2025 at 10:13 AM
In a blog article, FortiNet CISO Carl Windsor claims that phishers can hijack legitimate PayPal accounts by sending payment requests. I cannot reproduce this claim on my own accounts. Anyone been able to reproduce? www.fortinet.com/blog/threat-...
Phish-free PayPal Phishing | FortiGuard Labs
An example of a recent phishing attempt and how to spot the obvious phishing tell-tales.…
www.fortinet.com
January 9, 2025 at 8:46 AM
I don't know who needs to read this, but the lighter used by Indiana Jones in The Great Circle is an Imco Triplex. I was going to post a picture of me holding mine, but I didn't want my fingerprints duplicated.
January 6, 2025 at 4:54 PM
Happy New Year, everyone! I hope you all got over New Year's Eve in one piece, didn't get the "Congress Plague" after 38C3 and are adhering to the 6-2-1 rule. It's valid outside Congress, too! #38C3
January 6, 2025 at 4:53 PM
They really handed out USB keys at a security conference. #38C3 #FlippyRAM
December 30, 2024 at 11:31 AM
Hot off the press: #FragDenStaat newspapers #38C3
December 29, 2024 at 7:06 PM
From 38C3 assembly area: „FSB agent, fuck off“
December 29, 2024 at 1:07 PM
Day 2 of #38C3 begins... foggy. But I guess that's part of the local color. Today at 18:00 I'll be broadcasting the "Passwort" podcast live from the Sendezentrum (Saal X) - let's see how that goes and who drops by. :-)
December 28, 2024 at 9:25 AM
Various sites in Germany were attacked by the NoName DDoS conglomerate and are subsequently down. The list of victims looks kinda random though.
heise.de/-10202915
DDoS campaign: Cyber criminals paralyze German company websites
Various groups with links to Russia have indiscriminately attacked German companies and authorities in a joint campaign. And not only with success.
heise.de
December 17, 2024 at 12:37 PM
Well, there goes the contents of my X account. The platform has made it artificially harder to archive your content, so I let Cyd do this for me, too. Now I have an HTML and SQLite version to peruse whenever I want to. (Spoiler: I don't.)
December 10, 2024 at 7:50 AM