CIRCL (Computer Incident Response Center Luxembourg)

TR-97 - Supply Chain Compromise Propagating Through the npm Ecosystem (Shai-Hulud) CIRCL TR-07 - https://lnkd.in/eR9CQBsw CSSF also published an alert - https://lnkd.in/e37QTdBr Commission de Surveillance du Secteur Financier (CSSF) #vulnerability #cybersecurity #infosec #npm #supplychainattack

📚The Fondation Restena has released a new tip sheet to support institutions with low budgets in setting-up a high-performing Security Operations Centre (#SOC). 👉 Read, share or ask for printed copies for yourself or your colleagues! 📌 ‘Set-up an affordable SOC’ is the seventh tip sheet of its series of publications for #research & #education stakeholders in #Luxembourg as part of Restena awareness-raising activities on computer security issues and the LuCySe4RE project. ❓ Do you know about LuCySe4RE? It is an EU-funded project aiming to improve protection against the cybersecurity risks faced by the Luxembourg research and education community! ℹ https://lnkd.in/ee9nmKsa

MISP v2.5.27 - released with new features and various fixes This release delivers important new modules, major internal performance optimisations, updates to validation logic, and several security fixes. A large amount of work focused on improving JSON handling, filter pipelines, encoding performance, and overall system robustness. https://lnkd.in/eQ86JHaC #opensource #cybersecurity #misp #threatintelligence #threatintel #informationsharing

We’ve published new research from the EU co-funded project NGSOTI: “Learning from large-scale IPv4 blackhole: Behavioral analysis of SNMP traffic”. Over a 12-month period (Nov 2024–Oct 2025), our network telescope captured ~634 million unsolicited SNMP queries from more than 153,000 unique IPv4 sources scanning an unused /18 block. The origins of the traffic are globally distributed, with notable concentrations from Indonesia, China, the United States, Germany, Chile and others, as well as a few outliers generating unusually high volumes. A significant portion of the scanning activity can also be attributed to infrastructure belonging to commercial threat-intelligence and scanning companies, providing useful context on what constitutes “expected” background noise. The analysis covers SNMP version usage (v1/v2c overwhelmingly dominant, minimal v3), community-string patterns (default, weak, and undocumented strings), and OIDs that point to which device vendors are most scanned. This dataset provides insight into real-world reconnaissance trends targeting SNMP-capable infrastructure, helping defenders better understand background noise and scanning behaviours. 🔗 Full report: https://lnkd.in/exDi6Kn8 🔗 PDF version: https://lnkd.in/e_vVd_ry Co-funded by European Cybersecurity Competence Centre (ECCC) under the NGSOTI project. #cybersecurity #networkanalysis #cybersecurity #snmp #network #internet #dfir

Workshop Follow-up: Advisories for Online Services During our last workshop in Luxembourg on November 24th, a question was raised by a GNA (GCVE Numbering Authorities) regarding the ability to record and publish security advisories for online services. We quickly reviewed the Common Vulnerabilities and Exposures (CVE) record format as used in BCP-05 and identified the following challenges when describing vulnerabilities in online services... For more details and discussion - https://lnkd.in/eChxP-3q #vulnerabilitymanagement #vulnerability #cve #gcve #cybersecurity #infosec

Well, this could be interesting to share observations in Europe with all the drones hovering our airports and other places these days... Kudos MISP Project (@misp@misp-community.org ) and the contributors Enes Ayata Paul Jung and Bilal Khan!

Major Update to MISP Modules v3.0.3 Release Notes (2025-11-19) * Nextcloud Talk Action Module: A new action module has been added to integrate with Nextcloud Talk, developed during the 2025 hackathon.lu. * Any.Run Sandbox Integration: Implemented sandbox import and expansion modules, including an API wrapper, for enhanced integration with Any.Run. * AssemblyLine Module Updates & Refactor: Enhanced the `AssemblyLine` module with a new API wrapper for improved authentication, submission handling, query management, and error handling. * OpenAPI Interface and Swagger UI: Added functionality to expose the OpenAPI specification and Swagger UI for the `misp-modules` service, improving API discoverability. * Rapid7 AttackerKB CVE Lookup Module: Integrated a new expansion module for looking up CVE information using Rapid7 AttackerKB. * SophosLabs Intelix Update: Fixed template issues, improved readability, and added region support to the SophosLabs Intelix Expansion module. * CrowdStrike Falcon Metadata Capture: Added basic metadata capture for the Falcon expansion module. 🔗 https://lnkd.in/e_sHSGPm ANY.RUN CrowdStrike Sophos Rapid7 #opensource #threatintelligence #threatintel #misp

Well, this could be interesting to share observations in Europe with all the drones hovering our airports and other places these days... Kudos MISP Project (@misp@misp-community.org ) and the contributors Enes Ayata Paul Jung and Bilal Khan!