Apparently this month there is a boom in vulnerabilities in various devices. Ransomware continues to be active, improving encryption methods and introducing new techniques in attacks. But even the largest vendors are determined, after all, it's not for nothing that they miss the pack of startups in recent months. Vulnerabilities: Gaming devices, Apple exploit, TOP … Continue reading Keep in save your devices, patch critical systems and stay on the latest
One of the highlights of the week is the Pwn2Own competition. Participants have hacked many well-known applications. As for the rest of the news: as always, update your Cisco devices and Facebook, as usual, takes care of our privacy.Welcome to the post! Don't forget to check out Vulners team documentation reborn and write your feedback;) … Continue reading Vulnerability WARNINGS and how long does it take to update?
This week is full of news about zero-day vulnerabilities, attacks using them. There were also hacks, talk about data breaches? When an emergency update comes out, you better apply it, because you might already be attacked. Vulnerabilities: Exploit for Spectre + Meltdown, your exchange has been hacked and install the latest updates for Chrome!;Tools: mostly … Continue reading Zero-day: the main topic of this weekly digest
Google Chrome is updated every week with new vulnerabilities/malicious extensions/zero-day and other stuff, which is why it needs to be updated regularly, just like other important software. Also this week, a sequel to the SonicWall story came out. Google launched a cool new vulnerability service OSV, which the Vulners team immediately automated it - "Stay … Continue reading New robot from Vulners, strong vulnerabilities and new malicious activity.
Zero-day vulnerabilities are not diminishing, and those that are already actively used in attacking actions. Quick release update - great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports and etc;Tools: Promising tools that surprise with their growth;News: Twitter bot, some attacks and hacker cup;Research: Useful staff for … Continue reading Digest with vulnerabilities, emergency updates and attack subjects
What could be more dangerous than a zero-day vulnerability that has been made public and has not yet been fixed? This is what google projecy zero did by publishing zero-day in windows before the patch. The attempts to exploit Oracle weblogic in the wild also started. But as statistics show, not everyone is in a … Continue reading Most critical vulnerabilities, next ransomware and PRE-ATT&CK
This month, vulners collected Google's open-source OSS-Fuzz data. OSS-Fuzz is a great tool for fuzz testing your projects to uncover different kinds of programming errors in software. "OSS-Fuzz provides ‘fuzzing as a service’ for open source projects" https://opensource.google/projects/oss-fuzz It's amazing that this data is now available both for easy visual searching and via the Vulners … Continue reading OSS-Fuzz data in Vulners