Digest with vulnerabilities, emergency updates and attack subjects

Zero-day vulnerabilities are not diminishing, including those that are already actively used in attacks. A quick update release is great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports, etc.; Tools: Promising tools that surprise with their growth; News: Twitter bot, some attacks and hacker cup; Research: Useful stuff for …

Most critical vulnerabilities, next ransomware and PRE-ATT&CK

What could be more dangerous than a zero-day vulnerability that has been made public and has not yet been fixed? This is what Google Project Zero did by publishing a zero-day in Windows before the patch. Attempts to exploit Oracle WebLogic in the wild have also started. But as statistics show, not everyone is in a …

Bug Parade with all headliners, zero-days and malware news

Recently, there has been a lot of news about ransomware and its types. Nvidia and Google Chrome began to release updates more often. Vulnerabilities: Nvidia, Google Chrome and a cool report from the NSA; Tools: New PlumHound module (BlueHound), a tool for SOC analysts, etc.; News: Malware, attacks and games; Research: Have you ever heard about Flare-On? It was attached …

Microsoft patch, powerful malware and zero-days

Microsoft, as usual, closed one problem - two new ones appeared. This weekly digest has many mentions of the latest vulnerabilities being used in attacks. It shows the impact of the vulnerability management process and what happens if you don't do it. Vulnerabilities: Default Microsoft patch, too critical vulnerabilities in VPN software, etc.; Tools: Mainly …

Monthly bunch of vulnerabilities in different directions and almost without hype

In this monthly overview we want to show you something that has not been written about yet but that, at the end of the month, we consider the most interesting and cool. Vulnerabilities: Several vulnerabilities for an enterprise, a few for regular users and a couple of non-standard ones worth knowing about; Tools: Other Undescribed Tools: web, …

ICS vulnerabilities, new features from GitHub and ransomware

More and more often, ICSs become the target of ransomware attacks. The industrial field is very important, and this week a set of critical vulnerabilities came out. Also, GitHub released functionality to scan repositories, and there is a lot of research material on exposing threats. Vulnerabilities: ICS 🙂 and a vulnerability in the wild; Tools: Git, smbAutoRelay, etc.; News: New …

Everybody knows: Windows source code leak, Zerologon updates and other fresh vulnerabilities

Check Point published a technical review of an Instagram vulnerability; remember SaltStack? A quiet digest, with no ransomware or attack reports. Vulnerabilities: Important, non-standard and interesting ones; Tools: Mostly cool attacking tools; News: Additional news about Instagram and CISA; Research: Less than usual, but there is something to read. Vulnerabilities: Cisco Systems released fixes for vulnerabilities in the widespread IOS operating …

Weekly Digest not only about Zerologon

Of course, the top news of the week is Zerologon. But what about the new IOS updates that fix critical vulnerabilities? What about other news in the world of information security? Vulnerabilities: Cool report with h1, IOS and Bluetooth (again?); Tools: KQL with Microsoft and others; News: The largest Magecart infection, NCSC and IOS; Research: A bit of everything. …

Second Tuesday patch, another victim of the ransomware and a friendly reaction of CERT teams to counter Emotet

ICS attacks, little known to the general public, are perhaps the most devastating in terms of potential negative consequences. A new Bluetooth vulnerability and cool malware news. Vulnerabilities: Not an interesting Microsoft patch (yet), ICS and Bluetooth; Tools: Traditionally; News: Malware activity and a CERT alert; Research: Mainly for Windows enthusiasts. Vulnerabilities: Microsoft released another September security …

IOCs for you with Vulners

Everyone around is constantly advised to use free and public feeds, without the possibility of using unique ones. Besides, many of them duplicate each other, and in most cases expertise costs money. But what if you want a better result with a minimum of effort? This is exactly what we did. The RST Threat Feed team shared their …