Vulners Blog

Zero-day: the main topic of this weekly digest

Posted on March 8, 2021March 8, 2021 by Dmitry Uchakin

This week is full of news about zero-day vulnerabilities, attacks using them. There were also hacks, talk about data breaches? When an emergency update comes out, you better apply it, because you might already be attacked. Vulnerabilities: Exploit for Spectre + Meltdown, your exchange has been hacked and install the latest updates for Chrome!;Tools: mostly … Continue reading Zero-day: the main topic of this weekly digest →

Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks

Posted on February 15, 2021February 15, 2021 by Dmitry Uchakin

Several high-profile vulnerabilities in Windows and Apple were fixed this week. Epic confusion/substitution attacks and an interesting vulnerability with secret chats in Telegram. We've picked up the top news from the past week. Vulnerabilities: releases from Microsoft and Apple + Telegram vulnerabilities;Tools: Adversary testing;News: Hacker poisoned water in an American city, amazing research, bad luck … Continue reading Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks →

Uncommon but enlightening vulnerabilities with Microsoft and more

Posted on January 25, 2021 by Dmitry Uchakin

Not as many critical vulnerabilities as last week. This time it's mostly cool and non-standard vulnerabilities that are important to know about. For example, the KindleDrip attack shows a new way to exploit vulnerabilities. Or another vulnerability is that your kids could be little bug hunters. Vulnerabilities: No zero-days, DNSpooq, kids and bughunting;Tools: POCs and … Continue reading Uncommon but enlightening vulnerabilities with Microsoft and more →

Lots of zero-day vulnerabilities, and how’s your start of the year?

Posted on January 18, 2021 by Dmitry Uchakin

There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year? →

Available Microsoft 0-day , new SolarWinds vulnerability and others

Posted on December 28, 2020 by Dmitry Uchakin

Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In … Continue reading Available Microsoft 0-day , new SolarWinds vulnerability and others →

Tuesday patch with Kerberos, bunch of vulnerabilities and security breaches

Posted on December 14, 2020January 22, 2021 by Dmitry Uchakin

Lots of buzz about the FireEye hack this week, but most hack news is often a consequence of the lack of a vulnerability management process. Also this week a lot of vulnerabilities were found in Internet protocols and even Steam games. In our digests we try to show the most significant and interesting news for … Continue reading Tuesday patch with Kerberos, bunch of vulnerabilities and security breaches →

Second Tuesday patch, another victim of the ransomware and a friendly reaction of CERT teams to counter Emotet

Posted on September 14, 2020September 14, 2020 by Dmitry Uchakin

ICS attacks, little known to the general public, are perhaps the most devastating in terms of potential negative consequences. New Bluetooth vulnerability and cool malware news. Vulnerabilities: Not an interesting microsoft patch (yet), ICS and bluetooth;Tools: Traditionally;News: Malware activity and CERT alert;Research: Mainly for Windows enthusiasts. Feedback -> here Vulnerabilities Microsoft released another September security … Continue reading Second Tuesday patch, another victim of the ransomware and a friendly reaction of CERT teams to counter Emotet →

Microsoft update with zero-days, few tools, Alexa hack and research

Posted on August 17, 2020August 17, 2020 by Dmitry Uchakin

Traditionally, Microsoft in the spotlight after monthly update Vulnerabilities: Microsoft patched zero-day which detected in the wild!Tools: Cool zeek tool and othersNews: Alexa hacked and Canon update (again)Research: You know what to do Feedback -> here Vulnerabilities Microsoft released a monthly security update (every other Tuesday) that fixed 120 vulnerabilities, 17 of which received the … Continue reading Microsoft update with zero-days, few tools, Alexa hack and research →

Windows DNS vulnerability – CVSS 10

Posted on July 14, 2020December 23, 2020 by Dmitry Uchakin

On the second Tuesday in July, Microsoft released patches for 123 CVEs. But the most dangerous of all is the vulnerability CVE-2020-1350 in the Windows DNS Server versions 2003 to 2019. Vulnerability allows an unauthenticated user (attacker) to execute remote code on the target system. It can be exploited by sending crafted DNS query to … Continue reading Windows DNS vulnerability – CVSS 10 →

Vulners weekly digest #11

Posted on June 15, 2020June 15, 2020 by Dmitry Uchakin

4 sections:VulnerabilitiesToolsNewsResearches (red teaming, threat hunting, malware) Vulnerabilities June's "the second Tuesday patch" has become the largest in the history of Microsoft. The patches fix 129 vulnerabilities – the maximum number of security issues ever closed by Microsoft in a single "fix Tuesday". However, despite the number of vulnerabilities, none of them is a zero-day … Continue reading Vulners weekly digest #11 →