Weekly/daily zero-days and ransomware news

This week Apple and Google fixed zero-day vulnerabilities. More information about APTs and ransomware. All this proves once again that vulnerability management process in information security is just as important as the others. Vulnerabilities: Few zero-days from Chrome and Apple, cool Instagram bug and do you use paint?Tools: Event killer, aim to shellcoders, Rustcat (like … Continue reading Weekly/daily zero-days and ransomware news

Several vendor’s emergency patches, Kubernetes alarms and others

The second week of the month traditionally increases the amount of work for IT services in companies. Lots of zero-day vulnerabilities from several major vendors. Also, malware news. After all, not every day attackers use Kubernetes for mining. Read more about other threats Vulnerabilities: Microsoft, Intel and Chrome with tons of patches + critical for … Continue reading Several vendor’s emergency patches, Kubernetes alarms and others

Typical zero-days and new malware features, what else is required?

All of the vulnerabilities mentioned in the post are critical, some of them zero-day vulnerabilities that need to be urgently updated in their own products. For the second week, our news consists of malwares that are hijacking new targets (like Apple contractor) and actively evacuating. Vulnerabilities: zero-day in PulseSecure, SonicWall and Chrome, but some of … Continue reading Typical zero-days and new malware features, what else is required?

New pack of vulnerabilities in TCP/IP stack, malware evolution and consequences of the Pwn2Own

In addition to the monthly update from Microsoft, a new set of critical vulnerabilities in the TCP/IP stack appeared this week. Also, some researchers are publishing exploits from Pwn2Own competitions. Not much bright news, but we've gathered the most significant and useful ones! Vulnerabilities: Microsoft monthly patch, pack of critical vulnerabilities in TCP/IP stack, regular … Continue reading New pack of vulnerabilities in TCP/IP stack, malware evolution and consequences of the Pwn2Own

New robot from Vulners, strong vulnerabilities and new malicious activity.

Google Chrome is updated every week with new vulnerabilities/malicious extensions/zero-day and other stuff, which is why it needs to be updated regularly, just like other important software. Also this week, a sequel to the SonicWall story came out. Google launched a cool new vulnerability service OSV, which the Vulners team immediately automated it - "Stay … Continue reading New robot from Vulners, strong vulnerabilities and new malicious activity.