Several vendor’s emergency patches, Kubernetes alarms and others

The second week of the month traditionally increases the amount of work for IT services in companies. Lots of zero-day vulnerabilities from several major vendors. Also, malware news. After all, not every day attackers use Kubernetes for mining. Read more about other threats Vulnerabilities: Microsoft, Intel and Chrome with tons of patches + critical for … Continue reading Several vendor’s emergency patches, Kubernetes alarms and others

Only critical vulnerabilities of the week and the newest attacks

Too many updates from the same vendors come out every month. Either the developers make more mistakes in the development process, or security researchers have begun to actively improve their own competencies. For example, Apple releases updates almost every week. As follows from the news section, attackers regularly use such vulnerabilities in their attacks. Why … Continue reading Only critical vulnerabilities of the week and the newest attacks

Too many vulnerabilities on one Tuesday from 2 vendors, not to mention zero-days

Almost every week there is a new vulnerability pack with a new name, this time it's Frag Attacks (wi-fi). Another Microsoft patch has been released - there will be exploits soon. Also, a huge number of Adobe design and office products have been patched. Attackers through ransomware are becoming more and more vicious, for example, … Continue reading Too many vulnerabilities on one Tuesday from 2 vendors, not to mention zero-days

More malware with new vulnerabilities in the wild in the monthly digest

In the last month, almost every week we wrote about new zero-day vulnerabilities, soon Apple and Chrome are updating almost every day + their vulnerabilities are exploited in the wild. We usually don't write so much about malware, but this month there is too much of it and it is closely related to critical vulnerabilities, … Continue reading More malware with new vulnerabilities in the wild in the monthly digest

Typical zero-days and new malware features, what else is required?

All of the vulnerabilities mentioned in the post are critical, some of them zero-day vulnerabilities that need to be urgently updated in their own products. For the second week, our news consists of malwares that are hijacking new targets (like Apple contractor) and actively evacuating. Vulnerabilities: zero-day in PulseSecure, SonicWall and Chrome, but some of … Continue reading Typical zero-days and new malware features, what else is required?

Top and unmentioned news of the last month, except for ProxyLogon

A frightening trend of exploits/PoCs for processor vulnerabilities found in 2018 began this month. The good news is that many companies did update their Exchange servers, but the authors of the malware don't think to stop and continue to automate exploitation of the vulnerabilities. Keep subscribing to new news from Vulners and stay on the … Continue reading Top and unmentioned news of the last month, except for ProxyLogon

Ransomware for your Exchange and mobile vulnerabilities 👾

The topics of email vulnerabilities continue, with more and more sophisticated vulnerabilities being exploited in attacks. Notably, new botnets/malware are automating the exploitation of the newest vulnerabilities by transforming them into worm-like weapon. Ransomware is again breaking the record for the amount of money demanded ("We need more gold!")! Vulnerabilities: rare Android vulnerability in the … Continue reading Ransomware for your Exchange and mobile vulnerabilities 👾

Too burning/hot weekly digest 🔥

Upgrade your Exchange servers, now! Some attackers/pentesters/red teamers/researchers have already converted Proxylogon PoCs into first versions of RCEs to exploit these vulnerabilities.Microsoft has released another big and important update this week. Apart from that, there were many small but important updates with zero-day vulnerabilities. + There were various attacks, malware, and data centers burning. Vulnerabilities: … Continue reading Too burning/hot weekly digest 🔥

Huge patches from vendors, Vulners news and hot Android malware

There has been a lot of news about Apple and Android this month, as the first malware for the Apple M1 has started to appear and malware developers are not wasting time. Cisco also released a big update package for their devices, and SonicWall is not fixing its problems. A little bit about what's new … Continue reading Huge patches from vendors, Vulners news and hot Android malware

Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks

Several high-profile vulnerabilities in Windows and Apple were fixed this week. Epic confusion/substitution attacks and an interesting vulnerability with secret chats in Telegram. We've picked up the top news from the past week. Vulnerabilities: releases from Microsoft and Apple + Telegram vulnerabilities;Tools: Adversary testing;News: Hacker poisoned water in an American city, amazing research, bad luck … Continue reading Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks