Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange

At the beginning of the year there is not much news, but we were able to collect a digest with the loudest and coolest news. Vulnerabilities: Zyxel fail, cool bug in Google docs and new side-channel attack, + it's recommended to patch Nvidia drivers;Tools: Offensive staff only;News: Julian Assange, whatsapp transfers your data directly to … Continue reading Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange

Available Microsoft 0-day , new SolarWinds vulnerability and others

Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In … Continue reading Available Microsoft 0-day , new SolarWinds vulnerability and others

Monthly digest not just about FireEye and SolarWinds hacks

The last monthly digest this year turned out to be intense and interesting. There was a lot of news about various hacks and attacks, new methods of attacks were invented and new malware was discovered. Bottom line of this month: supply chain attacks exist and the secure Security Development Lifecycle is VERY IMPORTANT! Vulnerabilities: Apple … Continue reading Monthly digest not just about FireEye and SolarWinds hacks

Tuesday patch with Kerberos, bunch of vulnerabilities and security breaches

Lots of buzz about the FireEye hack this week, but most hack news is often a consequence of the lack of a vulnerability management process. Also this week a lot of vulnerabilities were found in Internet protocols and even Steam games. In our digests we try to show the most significant and interesting news for … Continue reading Tuesday patch with Kerberos, bunch of vulnerabilities and security breaches

Impressive IOS research, vulnerable android apps and malware news

The last couple of weeks are not so much cool news, but we have selected the most interesting and useful. In the contents you can find a short description for each section. Vulnerabilities: IOS research, android apps (check yours) and weblogic (again);Tools: Usefull tools. Depix and Karkinos should be tested;News: Only malware. IOS, Trickbot and … Continue reading Impressive IOS research, vulnerable android apps and malware news

Digest without zero-day, with malware and Tesla news

There are no zero-day vulnerabilities or new headliners in this digest. But there are new tool updates and different news + research. Vulnerabilities: No zero-day, only emergency update for Drupal and cPanel, couple exploits for routers;Tools: Update powerfull intellegence tool and others;News: Tesla hacked! Next story about Sopra Steria and malware actions. Baidu was deleted … Continue reading Digest without zero-day, with malware and Tesla news

Cisco stories, ICS and Apple features

Apple recently released its new OS Bg Sur and immediately started fixing vulnerabilities. Also, undocumented features were found in new platform. Cisco is fixing vulnerabilities in its products strangely. Pair of funny tools and a couple of interesting stories in news section. Vulnerabilities: Cisco story, "bugs" in messagers and ICS;Tools: Bloodhound continues to be updated, … Continue reading Cisco stories, ICS and Apple features

Zero-Day Vulnerability Month, new Vulners events and malware

There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware

Vulners updated ElasticSearch 7.10 – what changes for you?

It's over! We updated our Elasticsearch from version 6.8 to 7.10! The latest version of ElasticSearch appeared on 11.11! We use elastic stack in our service + several other technologies. We also try to keep the concept of "stay on latest" and constantly get better. For us, there are several main advantages of updating to … Continue reading Vulners updated ElasticSearch 7.10 – what changes for you?

Digest with vulnerabilities, emergency updates and attack subjects

Zero-day vulnerabilities are not diminishing, and those that are already actively used in attacking actions. Quick release update - great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports and etc;Tools: Promising tools that surprise with their growth;News: Twitter bot, some attacks and hacker cup;Research: Useful staff for … Continue reading Digest with vulnerabilities, emergency updates and attack subjects