from cedric@lemmy.ml to security@lemmy.ml on 22 Jan 2025 23:09
https://lemmy.ml/post/25089090
We are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup.
This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings.
ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. Source code of ShadowSight is available:
👉 github.com/CIRCL/ShadowSight
Explore our sightings collected from this source:
- Exploited vulnerabilities (type: exploited):
vulnerability.circl.lu/sightings/?query=honeypot%… - Common vulnerabilities (type: seen):
vulnerability.circl.lu/sightings/?query=honeypot%…
The Shadowserver Foundation remains a cornerstone resource for security researchers, providing an extensive wealth of data on real-world exploits and their associated vulnerabilities, complete with daily statistics and geographical insights.
Widely used by incident response teams, security researchers, analysts, and other cybersecurity professionals, Shadowserver is recognized as a highly credible and impactful project in the cybersecurity landscape. The Shadowserver Foundation delivers particularly valuable insights into security issues, including vulnerabilities in unpatched IoT devices, various types of internet-facing services, and even services that should not be exposed to the internet.
For us, it has quickly become a reliable sources for sightings. It’s also a way to diversify our sources and improve situational awareness.
🔗 Explore all our sighting sources (such as Mastodon, Bluesky, MISP, etc.) and tools here:
👉 www.vulnerability-lookup.org/tools/#sightings
📖 References
- www.shadowserver.org
- vulnerability.circl.lu
- github.com/cve-search/vulnerability-lookup
- github.com/CIRCL/ShadowSight
- www.vulnerability-lookup.org/…/sightings.html
🤝 Contribute
If you want to benefit from more features of Vulnerability-Lookup like sharing comments, bundles, or sightings, you can create an account to the instance operated by CIRCL:
👉 vulnerability.circl.lu/user/signup
threaded - newest