There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year?
At the beginning of the year there is not much news, but we were able to collect a digest with the loudest and coolest news. Vulnerabilities: Zyxel fail, cool bug in Google docs and new side-channel attack, + it's recommended to patch Nvidia drivers;Tools: Offensive staff only;News: Julian Assange, whatsapp transfers your data directly to … Continue reading Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange
Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In … Continue reading Available Microsoft 0-day , new SolarWinds vulnerability and others
The last monthly digest this year turned out to be intense and interesting. There was a lot of news about various hacks and attacks, new methods of attacks were invented and new malware was discovered. Bottom line of this month: supply chain attacks exist and the secure Security Development Lifecycle is VERY IMPORTANT! Vulnerabilities: Apple … Continue reading Monthly digest not just about FireEye and SolarWinds hacks
Lots of buzz about the FireEye hack this week, but most hack news is often a consequence of the lack of a vulnerability management process. Also this week a lot of vulnerabilities were found in Internet protocols and even Steam games. In our digests we try to show the most significant and interesting news for … Continue reading Tuesday patch with Kerberos, bunch of vulnerabilities and security breaches
The last couple of weeks are not so much cool news, but we have selected the most interesting and useful. In the contents you can find a short description for each section. Vulnerabilities: IOS research, android apps (check yours) and weblogic (again);Tools: Usefull tools. Depix and Karkinos should be tested;News: Only malware. IOS, Trickbot and … Continue reading Impressive IOS research, vulnerable android apps and malware news
There are no zero-day vulnerabilities or new headliners in this digest. But there are new tool updates and different news + research. Vulnerabilities: No zero-day, only emergency update for Drupal and cPanel, couple exploits for routers;Tools: Update powerfull intellegence tool and others;News: Tesla hacked! Next story about Sopra Steria and malware actions. Baidu was deleted … Continue reading Digest without zero-day, with malware and Tesla news
Apple recently released its new OS Bg Sur and immediately started fixing vulnerabilities. Also, undocumented features were found in new platform. Cisco is fixing vulnerabilities in its products strangely. Pair of funny tools and a couple of interesting stories in news section. Vulnerabilities: Cisco story, "bugs" in messagers and ICS;Tools: Bloodhound continues to be updated, … Continue reading Cisco stories, ICS and Apple features
There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware
It's over! We updated our Elasticsearch from version 6.8 to 7.10! The latest version of ElasticSearch appeared on 11.11! We use elastic stack in our service + several other technologies. We also try to keep the concept of "stay on latest" and constantly get better. For us, there are several main advantages of updating to … Continue reading Vulners updated ElasticSearch 7.10 – what changes for you?