CVE-2026-29771

Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart...

The NSA Has a Podcast—Here's How to Decode It

The spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod's actually worth a listen...

List of Old NSA Training Videos

The NSAs "National Cryptographic School Television Catalogue" from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before...

HUMINT in a cyber world

TL;DR HUMINT / Human Intelligence is gathered from a person in the location in question. It’s the sort of information we think of in the context of spying. A modern intelligence apparatus is multi-discipline with many different collection methods. HUMINT sources include officers, agents, diplomat...

CVE-2023-5676

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal SIGTERM, SIGINT or SIGHUP is received before the JVM has finished initializing...

CVE-2023-5676

CVE-2023-5676 : In Eclipse OpenJ9, prior to 0.41.0, receiving a shutdown signal (SIGTERM, SIGINT, or SIGHUP) before JVM initialization can cause the JVM to enter an infinite busy-wait on a spinlock or crash with a segmentation fault. Affected component: OpenJ9 JVM; root cause: signal handler race...

Reassessing cyberwarfare. Lessons learned in 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...

SUSE: Security Advisory (SUSE-SU-2021:3611-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)

Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service PoC Date: 2020-08-04 Exploit Author: MegaMagnus Vendor Homepage: https://www.acti.com/ Software Link: https://www.acti.com/DownloadCenter Version: V.3.0.12.42 , V.2.3.04.07 Tested on: Windows 7, Windows 10 CVE:...

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name...

openSUSE Security Update : proftpd (openSUSE-2020-31)

This update for proftpd fixes the following issues : - GeoIP has been discontinued by Maxmind boo1156210 This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuati on-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...

udisks2 security, bug fix, and enhancement update

2.7.3-9 - Build udisks2-lsm subpackage 1672664 - Fix sigint source removal on daemon exit 1643350 - CVE-2018-17336: Fix format string vulnerability in udiskslog 1637427 - Describe command options in the udisksctl man page 1568269...

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2019:2050-1)

This update for python3 fixes the following issues : Security issue fixed : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrec...

SUSE-SU-2019:2050-1 Security update for python3

This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of...

Security update for bash (moderate)

This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed: - Fix repeating...

SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2018:1398-1)

This update for bash fixes the following issues: Security issues fixed : - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed : - Fix repeating...

GNU Beep 1.3 - HoleyBeep Local Privilege Escalation

GNU Beep 1.3 - HoleyBeep Local Privilege Escalation !/usr/bin/env python3 E-DB Note https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc E-DB Note https://sigint.sh//holeybeep This is an exploit for HoleyBeep. To use it, place any command you...

The Festive Complexities of SIGINT-Capable Threat Actors

To read the full paper and learn more about this, refer to "Walking in Your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell" Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt manipulation have proven enough...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2016:2090-1) (httpoxy)

This update for apache2 fixes the following issues : - It used to be possible to set an arbitrary $HTTPPROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request CVE-2016-5387. As a result, these server components would...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...