Vulners Blog

LAW ENFORCEMENT SUCCESS and One patch: bunch of vulnerabilities

Posted on September 27, 2021September 27, 2021 by Dmitry Uchakin

Recently, the number of vulnerabilities that come out in a single patch and the frequency of updates have been going up a lot. On the one hand it is great that vendors fix vulnerabilities fast enough, but on the other hand it is frightening to see more of them. Stay on the latest with Vulners! … Continue reading LAW ENFORCEMENT SUCCESS and One patch: bunch of vulnerabilities →

Non-hype vulnerabilities and news in Vulners monthly review

Posted on September 6, 2021September 6, 2021 by Dmitry Uchakin

Microsoft in our weekly digests of this month. Traditionally, it was collected underestimated and unmentioned vulnerabilities with the news of the past month. There will be vulnerabilities in Kindle and Trend Micro, and news about hackers in white hat and new trends in attacking guys.*All information was harvested by the author's hands via Vulners DB … Continue reading Non-hype vulnerabilities and news in Vulners monthly review →

Keep in save your devices, patch critical systems and stay on the latest

Posted on August 30, 2021August 30, 2021 by Dmitry Uchakin

Apparently this month there is a boom in vulnerabilities in various devices. Ransomware continues to be active, improving encryption methods and introducing new techniques in attacks. But even the largest vendors are determined, after all, it's not for nothing that they miss the pack of startups in recent months. Vulnerabilities: Gaming devices, Apple exploit, TOP … Continue reading Keep in save your devices, patch critical systems and stay on the latest →

Second Tuesday patches and several attacks in weekly news

Posted on August 16, 2021August 16, 2021 by Dmitry Uchakin

The week of the second Tuesday of the month always sees a lot of important updates from various vendors. It's been a long time since our news section was bigger than Vulnerabilities. In the Research section you will traditionally find the most useful stuff that the author couldn't pass by. Content: Vulnerabilities: Microsoft patch and … Continue reading Second Tuesday patches and several attacks in weekly news →

Non-typically problems with PLCs and ransomware never gets bored

Posted on August 9, 2021August 9, 2021 by Dmitry Uchakin

A couple of years ago, vulnerabilities in medical equipment were fantastic and incomprehensible. Over the past year, there has been a trend towards the exploitation of such equipment by ransomware. Accordingly, it is worth paying more attention to critical industrial systems and equipment, which are rarely updated by default.Create your own automation vulnerability management process … Continue reading Non-typically problems with PLCs and ransomware never gets bored →

Weekly Digest: How many patches does it take to fix one vulnerability? And for more?

Posted on July 19, 2021 by Dmitry Uchakin

Microsoft has made several attempts since June, but the author of the mimikatz continues to bypass all the patches. Likewise, other vendors have tried to close a bunch of zero-day vulnerabilities, so you can protect yourself (or not) from ransomware.Even though the most dangerous of ransomware gangs are out, most of them continue to evolve … Continue reading Weekly Digest: How many patches does it take to fix one vulnerability? And for more? →

Monthly red digest with red vulnerabilities and incidents

Posted on July 5, 2021 by Dmitry Uchakin

Microsoft is the headliner of the outgoing month. Too many too critical vulnerabilities in the last month. Also, other vendors with zero-day and 1-click vulnerabilities are worth noting. In addition to vulnerabilities, there were several high-profile hacks and news about ransomware + some APT for our monthly digest. Vulnerabilities: Microsoft, IOT, Nvidia, Atlassian, Western Digital … Continue reading Monthly red digest with red vulnerabilities and incidents →

Lots of ransomware with couple vulnerabilities

Posted on June 28, 2021 by Dmitry Uchakin

This week there was a lot of news related to ransomware, including the closure of Binance cryptocurrency exchanges in many countries due to money laundering. Not all vendors can fix vulnerabilities the first time, which is one way zero-day vulnerabilities appear. Vulnerabilities: Pling application store, tons of vulnerabilities from Nvidia and unpatched SonicWall;Tools: SSH bruteforcer … Continue reading Lots of ransomware with couple vulnerabilities →

Weekly/daily zero-days and ransomware news

Posted on June 21, 2021June 21, 2021 by Dmitry Uchakin

This week Apple and Google fixed zero-day vulnerabilities. More information about APTs and ransomware. All this proves once again that vulnerability management process in information security is just as important as the others. Vulnerabilities: Few zero-days from Chrome and Apple, cool Instagram bug and do you use paint?Tools: Event killer, aim to shellcoders, Rustcat (like … Continue reading Weekly/daily zero-days and ransomware news →

Several vendor’s emergency patches, Kubernetes alarms and others

Posted on June 14, 2021 by Dmitry Uchakin

The second week of the month traditionally increases the amount of work for IT services in companies. Lots of zero-day vulnerabilities from several major vendors. Also, malware news. After all, not every day attackers use Kubernetes for mining. Read more about other threats Vulnerabilities: Microsoft, Intel and Chrome with tons of patches + critical for … Continue reading Several vendor’s emergency patches, Kubernetes alarms and others →