zero-day – Vulners Blog

Lots of zero-day vulnerabilities, and how’s your start of the year?

Posted on January 18, 2021 by Dmitry Uchakin

There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year? →

Available Microsoft 0-day , new SolarWinds vulnerability and others

Posted on December 28, 2020 by Dmitry Uchakin

Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In … Continue reading Available Microsoft 0-day , new SolarWinds vulnerability and others →

Zero-Day Vulnerability Month, new Vulners events and malware

Posted on November 16, 2020November 16, 2020 by Dmitry Uchakin

There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware →

Digest with vulnerabilities, emergency updates and attack subjects

Posted on November 9, 2020December 15, 2020 by Dmitry Uchakin

Zero-day vulnerabilities are not diminishing, and those that are already actively used in attacking actions. Quick release update - great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports and etc;Tools: Promising tools that surprise with their growth;News: Twitter bot, some attacks and hacker cup;Research: Useful staff for … Continue reading Digest with vulnerabilities, emergency updates and attack subjects →

Zero-day for Apple (Safari), tools and malware news

Posted on August 31, 2020August 31, 2020 by Dmitry Uchakin

Stealing local files via Safari, few PoCs with exploit, so veriety malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft?Tools: Mix of tools for the red and blue team;News: Mainly about malware and cats. Not everyone loves cats;Research: Usefull for SOC analysts and DFIR. Feedback -> here Vulnerabilities CVE-2020-3952 … Continue reading Zero-day for Apple (Safari), tools and malware news →

Monthly review with zero-day in the wild, BootHole and news about Garmin with “Tamagotchi for hackers”

Posted on August 3, 2020August 3, 2020 by Dmitry Uchakin

In this monthly review, the most interesting materials of the month that were not included in previous weekly digests: Vulnerabilities Tools News Research

Ripple20 zero-day vulnerabilities in IOT devices

Posted on June 22, 2020 by Dmitry Uchakin

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20. Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain … Continue reading Ripple20 zero-day vulnerabilities in IOT devices →