ransomware – Vulners Blog

Lots of zero-day vulnerabilities, and how’s your start of the year?

Posted on January 18, 2021 by Dmitry Uchakin

There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year? →

Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange

Posted on January 11, 2021 by Dmitry Uchakin

At the beginning of the year there is not much news, but we were able to collect a digest with the loudest and coolest news. Vulnerabilities: Zyxel fail, cool bug in Google docs and new side-channel attack, + it's recommended to patch Nvidia drivers;Tools: Offensive staff only;News: Julian Assange, whatsapp transfers your data directly to … Continue reading Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange →

Digest without zero-day, with malware and Tesla news

Posted on November 30, 2020 by Dmitry Uchakin

There are no zero-day vulnerabilities or new headliners in this digest. But there are new tool updates and different news + research. Vulnerabilities: No zero-day, only emergency update for Drupal and cPanel, couple exploits for routers;Tools: Update powerfull intellegence tool and others;News: Tesla hacked! Next story about Sopra Steria and malware actions. Baidu was deleted … Continue reading Digest without zero-day, with malware and Tesla news →

Zero-Day Vulnerability Month, new Vulners events and malware

Posted on November 16, 2020November 16, 2020 by Dmitry Uchakin

There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware →

Digest with vulnerabilities, emergency updates and attack subjects

Posted on November 9, 2020December 15, 2020 by Dmitry Uchakin

Zero-day vulnerabilities are not diminishing, and those that are already actively used in attacking actions. Quick release update - great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports and etc;Tools: Promising tools that surprise with their growth;News: Twitter bot, some attacks and hacker cup;Research: Useful staff for … Continue reading Digest with vulnerabilities, emergency updates and attack subjects →

Bug Parade with all headliners, zero-days and malware news

Posted on October 26, 2020 by Dmitry Uchakin

Recently, there has been a lot of news about ransomware and their types. Nvidia and google chrome began to release updates more often. Vulnerabilities: Nvidia, Google Chrome and cool report from NSA;Tools: New PlumHound module (BlueHound), tool for SOC analysts and etc.;News: Malware, attacks and games;Research: Have you ever heard about Flare-On? It was attached … Continue reading Bug Parade with all headliners, zero-days and malware news →

Second Tuesday patch, another victim of the ransomware and a friendly reaction of CERT teams to counter Emotet

Posted on September 14, 2020September 14, 2020 by Dmitry Uchakin

ICS attacks, little known to the general public, are perhaps the most devastating in terms of potential negative consequences. New Bluetooth vulnerability and cool malware news. Vulnerabilities: Not an interesting microsoft patch (yet), ICS and bluetooth;Tools: Traditionally;News: Malware activity and CERT alert;Research: Mainly for Windows enthusiasts. Feedback -> here Vulnerabilities Microsoft released another September security … Continue reading Second Tuesday patch, another victim of the ransomware and a friendly reaction of CERT teams to counter Emotet →

Vulners weekly digest #10

Posted on June 8, 2020 by Dmitry Uchakin

Default 4 sections:VulnerabilitiesToolsNewsThreat hunting and malware research Vulnerabilities Apple has released updates to fix a CVE-2020-9859 that was used to jailbreak an iPhone with iOS 13.5. The vulnerability affects the iOS kernel and can allow an application to execute arbitrary code with kernel privileges. https://vulners.com/apple/APPLE:HT211214 CVE-2020-2883 in the Oracle WebLogic Server product of Oracle Fusion … Continue reading Vulners weekly digest #10 →

Vulners weekly digest #9

Posted on June 1, 2020 by Dmitry Uchakin

Four NO traditional sections in our weekly digest. Enjoy! Vulnerabilities and additional info LPE Windows CVE-2019-0880 Detailed research CVE-2019-0880 without exploit. Zero day? https://byteraptors.github.io/windows/exploitation/2020/05/24/sandboxescape.html According to my tests, this bug seems to be still working against a full-patched Windows 7 system and for this reason I chose not to publish the exploit code. Research story … Continue reading Vulners weekly digest #9 →