Several vendor’s emergency patches, Kubernetes alarms and others

The second week of the month traditionally increases the amount of work for IT services in companies. Lots of zero-day vulnerabilities from several major vendors. Also, malware news. After all, not every day attackers use Kubernetes for mining. Read more about other threats Vulnerabilities: Microsoft, Intel and Chrome with tons of patches + critical for … Continue reading Several vendor’s emergency patches, Kubernetes alarms and others

Monthly Vulners Review with TOP vulnerabilities and news

This month, Vulners published new functionality for auditing Linux CentOS via Errata plugin (like RHEL). After that, we updated our new docs and wrote current monthly review of the top news. This month was full of zero-day, critical patches (not for everyone) and many different hacks with information security news. Vulnerabilities: Mobile processors, Realtek, Cisco, … Continue reading Monthly Vulners Review with TOP vulnerabilities and news

Install relevant security updates for CentOS with Errata plugin from Vulners

The Vulners team presents an additional auditing method for Linux CentOS distributions of versions 7 and 8 via errata for centos. Errata is a yum-plugin-security for installing only security updates/patching individual vulnerabilities on Linux systems. What is the point of installing ALL UPDATES every time? Let's tell you more. Free CentOS errata from Vulners Introduction … Continue reading Install relevant security updates for CentOS with Errata plugin from Vulners

Only critical vulnerabilities of the week and the newest attacks

Too many updates from the same vendors come out every month. Either the developers make more mistakes in the development process, or security researchers have begun to actively improve their own competencies. For example, Apple releases updates almost every week. As follows from the news section, attackers regularly use such vulnerabilities in their attacks. Why … Continue reading Only critical vulnerabilities of the week and the newest attacks

More ransomware and more zero-days every week

Not much big news this week. Mainly ransomware attacks, which are actively expanding and the main vulnerabilities of the past week. Vulnerabilities: New PoC / Exploit for iis, car vulnerabilities and few zero-days for Android;Tools: Pentest tools;News: Ransomware activity, more info about February incident and FBI alert;Research: Have you ever try to dump svchost? AD … Continue reading More ransomware and more zero-days every week

Too many vulnerabilities on one Tuesday from 2 vendors, not to mention zero-days

Almost every week there is a new vulnerability pack with a new name, this time it's Frag Attacks (wi-fi). Another Microsoft patch has been released - there will be exploits soon. Also, a huge number of Adobe design and office products have been patched. Attackers through ransomware are becoming more and more vicious, for example, … Continue reading Too many vulnerabilities on one Tuesday from 2 vendors, not to mention zero-days

New vulnerable pack, undetectable malware and MITRE 3 round tests

Another urgent update has appeared for apple products. However, 21 vulnerabilities in Exim mail servers were recognized as the leader of the past week. Recently, our news section consists of the most interesting malware, but how else? Also, don't forget to check the research section, there are some materials on the latest MITER test. Vulnerabilities: … Continue reading New vulnerable pack, undetectable malware and MITRE 3 round tests

More malware with new vulnerabilities in the wild in the monthly digest

In the last month, almost every week we wrote about new zero-day vulnerabilities, soon Apple and Chrome are updating almost every day + their vulnerabilities are exploited in the wild. We usually don't write so much about malware, but this month there is too much of it and it is closely related to critical vulnerabilities, … Continue reading More malware with new vulnerabilities in the wild in the monthly digest

Typical zero-days and new malware features, what else is required?

All of the vulnerabilities mentioned in the post are critical, some of them zero-day vulnerabilities that need to be urgently updated in their own products. For the second week, our news consists of malwares that are hijacking new targets (like Apple contractor) and actively evacuating. Vulnerabilities: zero-day in PulseSecure, SonicWall and Chrome, but some of … Continue reading Typical zero-days and new malware features, what else is required?

New pack of vulnerabilities in TCP/IP stack, malware evolution and consequences of the Pwn2Own

In addition to the monthly update from Microsoft, a new set of critical vulnerabilities in the TCP/IP stack appeared this week. Also, some researchers are publishing exploits from Pwn2Own competitions. Not much bright news, but we've gathered the most significant and useful ones! Vulnerabilities: Microsoft monthly patch, pack of critical vulnerabilities in TCP/IP stack, regular … Continue reading New pack of vulnerabilities in TCP/IP stack, malware evolution and consequences of the Pwn2Own