Ransomware for your Exchange and mobile vulnerabilities 👾

The topics of email vulnerabilities continue, with more and more sophisticated vulnerabilities being exploited in attacks. Notably, new botnets/malware are automating the exploitation of the newest vulnerabilities by transforming them into worm-like weapon. Ransomware is again breaking the record for the amount of money demanded ("We need more gold!")! Vulnerabilities: rare Android vulnerability in the … Continue reading Ransomware for your Exchange and mobile vulnerabilities 👾

Too burning/hot weekly digest 🔥

Upgrade your Exchange servers, now! Some attackers/pentesters/red teamers/researchers have already converted Proxylogon PoCs into first versions of RCEs to exploit these vulnerabilities.Microsoft has released another big and important update this week. Apart from that, there were many small but important updates with zero-day vulnerabilities. + There were various attacks, malware, and data centers burning. Vulnerabilities: … Continue reading Too burning/hot weekly digest 🔥

Apple weekly digest with mobile apps

This week, the first computer malware was discovered on the Apple M1, whose creators are quick to adapt. Mobile app developers take their time to update them for their products and zero-day often takes too long to fix. We collected all the main most interesting news of the week with Apple and quite a bit … Continue reading Apple weekly digest with mobile apps

Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks

Several high-profile vulnerabilities in Windows and Apple were fixed this week. Epic confusion/substitution attacks and an interesting vulnerability with secret chats in Telegram. We've picked up the top news from the past week. Vulnerabilities: releases from Microsoft and Apple + Telegram vulnerabilities;Tools: Adversary testing;News: Hacker poisoned water in an American city, amazing research, bad luck … Continue reading Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks

Several critical updates, evil malware and security research

Collected the coolest news about Apple, Cisco, zero-day and some company hacked via vulnerability in their products (lol). There are not so many cool news, but we were able to collect the most interesting ones about Whatsup, another war with the Emotet malware, a new version of NAT slipstreaming. Next month we will tell you … Continue reading Several critical updates, evil malware and security research

Monthly digest not just about FireEye and SolarWinds hacks

The last monthly digest this year turned out to be intense and interesting. There was a lot of news about various hacks and attacks, new methods of attacks were invented and new malware was discovered. Bottom line of this month: supply chain attacks exist and the secure Security Development Lifecycle is VERY IMPORTANT! Vulnerabilities: Apple … Continue reading Monthly digest not just about FireEye and SolarWinds hacks

Cisco stories, ICS and Apple features

Apple recently released its new OS Bg Sur and immediately started fixing vulnerabilities. Also, undocumented features were found in new platform. Cisco is fixing vulnerabilities in its products strangely. Pair of funny tools and a couple of interesting stories in news section. Vulnerabilities: Cisco story, "bugs" in messagers and ICS;Tools: Bloodhound continues to be updated, … Continue reading Cisco stories, ICS and Apple features

Zero-day for Apple (Safari), tools and malware news

Stealing local files via Safari, few PoCs with exploit, so veriety malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft?Tools: Mix of tools for the red and blue team;News: Mainly about malware and cats. Not everyone loves cats;Research: Usefull for SOC analysts and DFIR. Feedback -> here Vulnerabilities CVE-2020-3952 … Continue reading Zero-day for Apple (Safari), tools and malware news

The two most important conferences of the year and new facebook tool

This week there were such significant events as Defcon and Black Hat 2020. Some of the materials from these conferences are in today's digest. Vulnerabilities: Cool material from Blackhat 2020 and Qualcomm vulnerabilities. Tools: New code analyzer from facebook. News: Data leak and ransomware for Canon (like Garmin). Research: Mostly for the blue/purple teams. Feedback: … Continue reading The two most important conferences of the year and new facebook tool

Apple devices for security researchers

Great news for security researchers and bug hunters! Apple officially started "The Security Research Device (SRD)" program to provide its devices to security researchers. To participate in this program, you need to meet several conditions: Developer account (99$/year);Bugs / vulnerabilities in the Apple platforms or in other popular and modern platforms / operating systems;You must … Continue reading Apple devices for security researchers