Microsoft Monthly Patch, exploit competition and attacks

The second Tuesday of each month traditionally pleases the user with a Microsoft update. The annual Tianfu Cup was also held in which researchers demonstrate zero-day vulnerabilities with exploits for them. And the final stage of our digest is the most recent attacks. Vulnerabilities: Microsoft weekly patch, emergency for Apple and Tianfu Cup;Tools: ThreatMapper, EDRHunt … Continue reading Microsoft Monthly Patch, exploit competition and attacks

Build exploits for zero-days and try to test their Confluence

Over the past week, the main zero-day vulnerabilities with unreleased patches from Microsoft, which, as usual, very quickly began to be exploited in the wild. And a couple of demonstrative news about why it is worth fixing vulnerabilities in your networks as quickly as possible. Vulnerabilities: Microsoft unpatched fail with exploit/PoC, Netgear devices, Android and … Continue reading Build exploits for zero-days and try to test their Confluence

RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)

On August 25, Atlassian reported a critical Remote Code Execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability allows an authenticated user, and in some cases an unauthenticated user, to execute arbitrary code in Confluence Server and Confluence Data Center. Today, September 1, an article was published with a research of the vulnerability … Continue reading RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)