LAW ENFORCEMENT SUCCESS and One patch: bunch of vulnerabilities

Recently, the number of vulnerabilities that come out in a single patch and the frequency of updates have been going up a lot. On the one hand it is great that vendors fix vulnerabilities fast enough, but on the other hand it is frightening to see more of them. Stay on the latest with Vulners! … Continue reading LAW ENFORCEMENT SUCCESS and One patch: bunch of vulnerabilities

Vulnerability patches and news pack for those who rarely update their software

Several packs of vulnerabilities from the most important buckets with zero-day vulnerabilities. Many of them are already being exploited in the wild. The news section shows the consequences of not installing important updates on time. If your software is in this digest - update it urgently. Vulnerabilities: Microsoft patch, Google 10th zero-day, Apple patch;Tools: DNSTake, … Continue reading Vulnerability patches and news pack for those who rarely update their software

Build exploits for zero-days and try to test their Confluence

Over the past week, the main zero-day vulnerabilities with unreleased patches from Microsoft, which, as usual, very quickly began to be exploited in the wild. And a couple of demonstrative news about why it is worth fixing vulnerabilities in your networks as quickly as possible. Vulnerabilities: Microsoft unpatched fail with exploit/PoC, Netgear devices, Android and … Continue reading Build exploits for zero-days and try to test their Confluence

Non-hype vulnerabilities and news in Vulners monthly review

Microsoft in our weekly digests of this month. Traditionally, it was collected underestimated and unmentioned vulnerabilities with the news of the past month. There will be vulnerabilities in Kindle and Trend Micro, and news about hackers in white hat and new trends in attacking guys.*All information was harvested by the author's hands via Vulners DB … Continue reading Non-hype vulnerabilities and news in Vulners monthly review

RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)

On August 25, Atlassian reported a critical Remote Code Execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability allows an authenticated user, and in some cases an unauthenticated user, to execute arbitrary code in Confluence Server and Confluence Data Center. Today, September 1, an article was published with a research of the vulnerability … Continue reading RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)