LAW ENFORCEMENT SUCCESS and One patch: bunch of vulnerabilities

Recently, the number of vulnerabilities that come out in a single patch and the frequency of updates have been going up a lot. On the one hand it is great that vendors fix vulnerabilities fast enough, but on the other hand it is frightening to see more of them. Stay on the latest with Vulners! … Continue reading LAW ENFORCEMENT SUCCESS and One patch: bunch of vulnerabilities

Vulnerability patches and news pack for those who rarely update their software

Several packs of vulnerabilities from the most important buckets with zero-day vulnerabilities. Many of them are already being exploited in the wild. The news section shows the consequences of not installing important updates on time. If your software is in this digest - update it urgently. Vulnerabilities: Microsoft patch, Google 10th zero-day, Apple patch;Tools: DNSTake, … Continue reading Vulnerability patches and news pack for those who rarely update their software

Build exploits for zero-days and try to test their Confluence

Over the past week, the main zero-day vulnerabilities with unreleased patches from Microsoft, which, as usual, very quickly began to be exploited in the wild. And a couple of demonstrative news about why it is worth fixing vulnerabilities in your networks as quickly as possible. Vulnerabilities: Microsoft unpatched fail with exploit/PoC, Netgear devices, Android and … Continue reading Build exploits for zero-days and try to test their Confluence

Non-hype vulnerabilities and news in Vulners monthly review

Microsoft in our weekly digests of this month. Traditionally, it was collected underestimated and unmentioned vulnerabilities with the news of the past month. There will be vulnerabilities in Kindle and Trend Micro, and news about hackers in white hat and new trends in attacking guys.*All information was harvested by the author's hands via Vulners DB … Continue reading Non-hype vulnerabilities and news in Vulners monthly review

RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)

On August 25, Atlassian reported a critical Remote Code Execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability allows an authenticated user, and in some cases an unauthenticated user, to execute arbitrary code in Confluence Server and Confluence Data Center. Today, September 1, an article was published with a research of the vulnerability … Continue reading RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)

Keep in save your devices, patch critical systems and stay on the latest

Apparently this month there is a boom in vulnerabilities in various devices. Ransomware continues to be active, improving encryption methods and introducing new techniques in attacks. But even the largest vendors are determined, after all, it's not for nothing that they miss the pack of startups in recent months. Vulnerabilities: Gaming devices, Apple exploit, TOP … Continue reading Keep in save your devices, patch critical systems and stay on the latest

IOT in danger, new wiretap method and malware activity

In recent weeks, more and more vulnerabilities have been emerging for mobile devices. Cisco releases a new security patch every week. We continue to add reports from this year's major conferences and other useful materials to the Research section. Vulnerabilities: Cisco unpatched bugs, mail servers;Tools: ReverseSSH, XLMMacroDeobfuscator, Jsleak and SQLancer;News: New method and Mozi botnet … Continue reading IOT in danger, new wiretap method and malware activity

Second Tuesday patches and several attacks in weekly news

The week of the second Tuesday of the month always sees a lot of important updates from various vendors. It's been a long time since our news section was bigger than Vulnerabilities. In the Research section you will traditionally find the most useful stuff that the author couldn't pass by. Content: Vulnerabilities: Microsoft patch and … Continue reading Second Tuesday patches and several attacks in weekly news

Non-typically problems with PLCs and ransomware never gets bored

A couple of years ago, vulnerabilities in medical equipment were fantastic and incomprehensible. Over the past year, there has been a trend towards the exploitation of such equipment by ransomware. Accordingly, it is worth paying more attention to critical industrial systems and equipment, which are rarely updated by default.Create your own automation vulnerability management process … Continue reading Non-typically problems with PLCs and ransomware never gets bored

Underestimated news of the month in one review + new Vulners service

The Vulners team presented a new service Vulners scanner for WordPress (plugin) this month. Everyone who signs up before the end of August will receive a free lifetime license of the Vulners API for WordPress Vulners plugin! And according to tradition - every first Monday of the month publishes a monthly digest on events in … Continue reading Underestimated news of the month in one review + new Vulners service