Apple weekly digest with mobile apps

This week, the first computer malware was discovered on the Apple M1, whose creators are quick to adapt. Mobile app developers take their time to update them for their products and zero-day often takes too long to fix. We collected all the main most interesting news of the week with Apple and quite a bit … Continue reading Apple weekly digest with mobile apps

New robot from Vulners, strong vulnerabilities and new malicious activity.

Google Chrome is updated every week with new vulnerabilities/malicious extensions/zero-day and other stuff, which is why it needs to be updated regularly, just like other important software. Also this week, a sequel to the SonicWall story came out. Google launched a cool new vulnerability service OSV, which the Vulners team immediately automated it - "Stay … Continue reading New robot from Vulners, strong vulnerabilities and new malicious activity.

Several critical updates, evil malware and security research

Collected the coolest news about Apple, Cisco, zero-day and some company hacked via vulnerability in their products (lol). There are not so many cool news, but we were able to collect the most interesting ones about Whatsup, another war with the Emotet malware, a new version of NAT slipstreaming. Next month we will tell you … Continue reading Several critical updates, evil malware and security research

Lots of zero-day vulnerabilities, and how’s your start of the year?

There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year?

Available Microsoft 0-day , new SolarWinds vulnerability and others

Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In … Continue reading Available Microsoft 0-day , new SolarWinds vulnerability and others

Zero-Day Vulnerability Month, new Vulners events and malware

There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware

Digest with vulnerabilities, emergency updates and attack subjects

Zero-day vulnerabilities are not diminishing, and those that are already actively used in attacking actions. Quick release update - great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports and etc;Tools: Promising tools that surprise with their growth;News: Twitter bot, some attacks and hacker cup;Research: Useful staff for … Continue reading Digest with vulnerabilities, emergency updates and attack subjects

Zero-day for Apple (Safari), tools and malware news

Stealing local files via Safari, few PoCs with exploit, so veriety malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft?Tools: Mix of tools for the red and blue team;News: Mainly about malware and cats. Not everyone loves cats;Research: Usefull for SOC analysts and DFIR. Feedback -> here Vulnerabilities CVE-2020-3952 … Continue reading Zero-day for Apple (Safari), tools and malware news

Ripple20 zero-day vulnerabilities in IOT devices

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20. Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain … Continue reading Ripple20 zero-day vulnerabilities in IOT devices