Continuous patching Microsoft, tons of zero-days for one month and other “mistakes”

Month of non-stop Microsoft fixes and even if you install everything, you still remain vulnerable (PrintNightmare is a real nightmare). There were also many zero-days that everyone was so used to and did not have time to patch. Be sure to check the Research part of the review for a lot of useful stuff. Vulnerabilities: … Continue reading Continuous patching Microsoft, tons of zero-days for one month and other “mistakes”

Emotet come back, vulnerable PyPi packets and APT activity

Fighting well-known malware is an endless activity. This fall is not the first case of infection of packages that are actively used in the development of various software. Have you tried the new GitHub exploit yet? Vulnerabilities: DNS spoofing, Netgear SOHO routers and malicious python packets;Tools: STACS, Kubernetes-Goat and Gotanda - coold extension;News: RedCurl and … Continue reading Emotet come back, vulnerable PyPi packets and APT activity

Vulners got all exploits from GitHub

Vulners released new robot to search exploits/PoC in open-source projects on the GitHub. Enrich your vulnerability systems with new data and set up new correlation. Maybe your previous vulnerabilities will turn out to be more critical with the new parameters? The feature is available to all Enterprise subscription users. You can start testing this feature … Continue reading Vulners got all exploits from GitHub

Microsoft patch, zero-days and few attacks

The highlight of the past week is Microsoft's monthly patch. Also, take a look at the new miners for docker and malware for macOS. Vulnerabilities: Miscrorosft patch, BusyBox and Palo Alto;Tools: EXOCET, Abaddon, holehe;News: Docker miners, Robinhood compromised and attack for macOS users;Research: useful articles, cheat sheets and etc. Vulners docs Vulnerabilities Microsoft PatchTuesday Microsoft … Continue reading Microsoft patch, zero-days and few attacks

Several critical vulnerabilities, $$$ for hacker info and new attack vectors

There hasn't been much news over the past week, but we've collected the brightest. Several critical vulnerabilities and a couple of news. Noteworthy - updates of cool tools like impacket, APT-hunter and in the research section of the toolset APT groups. Vulnerabilities: GitHub exploit in the wild, Android patch and Linux kernel;Tools: APT-Hunter V2.0 release, … Continue reading Several critical vulnerabilities, $$$ for hacker info and new attack vectors

Lucky month for law enforcement, patching vulnerabilities and fighting malware

There is a lot of news this month about large-scale investigations by law enforcement agencies and other good guys. The release of decryptors undermines the ransomware business and is an effective way to combat them. Also, as usual, there were packs of updates/fixes from major vendors. Did you check out the new search in the … Continue reading Lucky month for law enforcement, patching vulnerabilities and fighting malware