ransomware – Vulners Blog

Top and unmentioned news of the last month, except for ProxyLogon

Posted on April 5, 2021 by Dmitry Uchakin

A frightening trend of exploits/PoCs for processor vulnerabilities found in 2018 began this month. The good news is that many companies did update their Exchange servers, but the authors of the malware don't think to stop and continue to automate exploitation of the vulnerabilities. Keep subscribing to new news from Vulners and stay on the … Continue reading Top and unmentioned news of the last month, except for ProxyLogon →

Ransomware for your Exchange and mobile vulnerabilities 👾

Posted on March 29, 2021 by Dmitry Uchakin

The topics of email vulnerabilities continue, with more and more sophisticated vulnerabilities being exploited in attacks. Notably, new botnets/malware are automating the exploitation of the newest vulnerabilities by transforming them into worm-like weapon. Ransomware is again breaking the record for the amount of money demanded ("We need more gold!")! Vulnerabilities: rare Android vulnerability in the … Continue reading Ransomware for your Exchange and mobile vulnerabilities 👾 →

Too burning/hot weekly digest 🔥

Posted on March 15, 2021March 28, 2021 by Dmitry Uchakin

Upgrade your Exchange servers, now! Some attackers/pentesters/red teamers/researchers have already converted Proxylogon PoCs into first versions of RCEs to exploit these vulnerabilities.Microsoft has released another big and important update this week. Apart from that, there were many small but important updates with zero-day vulnerabilities. + There were various attacks, malware, and data centers burning. Vulnerabilities: … Continue reading Too burning/hot weekly digest 🔥 →

Huge patches from vendors, Vulners news and hot Android malware

Posted on March 1, 2021 by Dmitry Uchakin

There has been a lot of news about Apple and Android this month, as the first malware for the Apple M1 has started to appear and malware developers are not wasting time. Cisco also released a big update package for their devices, and SonicWall is not fixing its problems. A little bit about what's new … Continue reading Huge patches from vendors, Vulners news and hot Android malware →

Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks

Posted on February 15, 2021February 15, 2021 by Dmitry Uchakin

Several high-profile vulnerabilities in Windows and Apple were fixed this week. Epic confusion/substitution attacks and an interesting vulnerability with secret chats in Telegram. We've picked up the top news from the past week. Vulnerabilities: releases from Microsoft and Apple + Telegram vulnerabilities;Tools: Adversary testing;News: Hacker poisoned water in an American city, amazing research, bad luck … Continue reading Сouple of massive updates, several f**k-ups with loud vulnerabilities and attacks →

Uncommon but enlightening vulnerabilities with Microsoft and more

Posted on January 25, 2021 by Dmitry Uchakin

Not as many critical vulnerabilities as last week. This time it's mostly cool and non-standard vulnerabilities that are important to know about. For example, the KindleDrip attack shows a new way to exploit vulnerabilities. Or another vulnerability is that your kids could be little bug hunters. Vulnerabilities: No zero-days, DNSpooq, kids and bughunting;Tools: POCs and … Continue reading Uncommon but enlightening vulnerabilities with Microsoft and more →

Lots of zero-day vulnerabilities, and how’s your start of the year?

Posted on January 18, 2021 by Dmitry Uchakin

There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year? →

Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange

Posted on January 11, 2021 by Dmitry Uchakin

At the beginning of the year there is not much news, but we were able to collect a digest with the loudest and coolest news. Vulnerabilities: Zyxel fail, cool bug in Google docs and new side-channel attack, + it's recommended to patch Nvidia drivers;Tools: Offensive staff only;News: Julian Assange, whatsapp transfers your data directly to … Continue reading Hardcoded account in Zyxel, whatsapp user’s data → facebook and news about Julian Assange →

Digest without zero-day, with malware and Tesla news

Posted on November 30, 2020 by Dmitry Uchakin

There are no zero-day vulnerabilities or new headliners in this digest. But there are new tool updates and different news + research. Vulnerabilities: No zero-day, only emergency update for Drupal and cPanel, couple exploits for routers;Tools: Update powerfull intellegence tool and others;News: Tesla hacked! Next story about Sopra Steria and malware actions. Baidu was deleted … Continue reading Digest without zero-day, with malware and Tesla news →

Zero-Day Vulnerability Month, new Vulners events and malware

Posted on November 16, 2020November 16, 2020 by Dmitry Uchakin

There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware →