Vulners Blog

Microsoft patch, zero-days and few attacks

Posted on November 16, 2021November 23, 2021 by Dmitry Uchakin

The highlight of the past week is Microsoft's monthly patch. Also, take a look at the new miners for docker and malware for macOS. Vulnerabilities: Miscrorosft patch, BusyBox and Palo Alto;Tools: EXOCET, Abaddon, holehe;News: Docker miners, Robinhood compromised and attack for macOS users;Research: useful articles, cheat sheets and etc. Vulners docs Vulnerabilities Microsoft PatchTuesday Microsoft … Continue reading Microsoft patch, zero-days and few attacks →

Microsoft Monthly Patch, exploit competition and attacks

Posted on October 18, 2021October 18, 2021 by Dmitry Uchakin

The second Tuesday of each month traditionally pleases the user with a Microsoft update. The annual Tianfu Cup was also held in which researchers demonstrate zero-day vulnerabilities with exploits for them. And the final stage of our digest is the most recent attacks. Vulnerabilities: Microsoft weekly patch, emergency for Apple and Tianfu Cup;Tools: ThreatMapper, EDRHunt … Continue reading Microsoft Monthly Patch, exploit competition and attacks →

Open-source Twitter, weekly google patches and other fails

Posted on October 11, 2021October 11, 2021 by Dmitry Uchakin

Twitter has become an open source project this week. Check out the cool research from ESET and Kaspersky teams. A typical week in information security. Vulners is helping thousands of users stay away from Twitter this week. Don't be like heroes from our news, install patches and keep an eye on security. Vulnerabilities: Apache, Honeywell … Continue reading Open-source Twitter, weekly google patches and other fails →

Another day (week/month) -> another 0-day

Posted on October 4, 2021October 4, 2021 by Dmitry Uchakin

Read about all the most important vulnerabilities in our digests and reviews. Update this month we have expanded the section with the Research, today it contains more research articles, analysis of new malware and attacks. Note that a button has been added for Tools to directly download utilities. Vulnerabilities: SonicWall, few zero-days for Chrome, 0-days … Continue reading Another day (week/month) -> another 0-day →

Vulnerability patches and news pack for those who rarely update their software

Posted on September 20, 2021September 20, 2021 by Dmitry Uchakin

Several packs of vulnerabilities from the most important buckets with zero-day vulnerabilities. Many of them are already being exploited in the wild. The news section shows the consequences of not installing important updates on time. If your software is in this digest - update it urgently. Vulnerabilities: Microsoft patch, Google 10th zero-day, Apple patch;Tools: DNSTake, … Continue reading Vulnerability patches and news pack for those who rarely update their software →

Build exploits for zero-days and try to test their Confluence

Posted on September 13, 2021September 13, 2021 by Dmitry Uchakin

Over the past week, the main zero-day vulnerabilities with unreleased patches from Microsoft, which, as usual, very quickly began to be exploited in the wild. And a couple of demonstrative news about why it is worth fixing vulnerabilities in your networks as quickly as possible. Vulnerabilities: Microsoft unpatched fail with exploit/PoC, Netgear devices, Android and … Continue reading Build exploits for zero-days and try to test their Confluence →

Underestimated news of the month in one review + new Vulners service

Posted on August 2, 2021August 9, 2021 by Dmitry Uchakin

The Vulners team presented a new service Vulners scanner for WordPress (plugin) this month. Everyone who signs up before the end of August will receive a free lifetime license of the Vulners API for WordPress Vulners plugin! And according to tradition - every first Monday of the month publishes a monthly digest on events in … Continue reading Underestimated news of the month in one review + new Vulners service →

Weekly Digest: How many patches does it take to fix one vulnerability? And for more?

Posted on July 19, 2021 by Dmitry Uchakin

Microsoft has made several attempts since June, but the author of the mimikatz continues to bypass all the patches. Likewise, other vendors have tried to close a bunch of zero-day vulnerabilities, so you can protect yourself (or not) from ransomware.Even though the most dangerous of ransomware gangs are out, most of them continue to evolve … Continue reading Weekly Digest: How many patches does it take to fix one vulnerability? And for more? →

Monthly red digest with red vulnerabilities and incidents

Posted on July 5, 2021 by Dmitry Uchakin

Microsoft is the headliner of the outgoing month. Too many too critical vulnerabilities in the last month. Also, other vendors with zero-day and 1-click vulnerabilities are worth noting. In addition to vulnerabilities, there were several high-profile hacks and news about ransomware + some APT for our monthly digest. Vulnerabilities: Microsoft, IOT, Nvidia, Atlassian, Western Digital … Continue reading Monthly red digest with red vulnerabilities and incidents →

Weekly/daily zero-days and ransomware news

Posted on June 21, 2021June 21, 2021 by Dmitry Uchakin

This week Apple and Google fixed zero-day vulnerabilities. More information about APTs and ransomware. All this proves once again that vulnerability management process in information security is just as important as the others. Vulnerabilities: Few zero-days from Chrome and Apple, cool Instagram bug and do you use paint?Tools: Event killer, aim to shellcoders, Rustcat (like … Continue reading Weekly/daily zero-days and ransomware news →