Lots of zero-day vulnerabilities, and how’s your start of the year?

There is one or more zero-day in each vulnerability section. Intel takes care of the threat from ransomware, the attacker gained access to Microsoft accounts, and, as usual, a little bit about the most interesting new malware with the highest impact. Vulnerabilities: Mostly zero-days;Tools: Outlook research + new tool, OSINT, web testing and defense evasion;News: … Continue reading Lots of zero-day vulnerabilities, and how’s your start of the year?

Available Microsoft 0-day , new SolarWinds vulnerability and others

Microsoft is surprised that they do not fix vulnerability zero with the existing PoC and there has been an exploit for the previous version of the bug for a long time. It is useless to post information about the SolarWinds hack, because there are too many of them and new facts (vulnerabilities) keep appearing. In … Continue reading Available Microsoft 0-day , new SolarWinds vulnerability and others

Zero-Day Vulnerability Month, new Vulners events and malware

There are many zero-day vulnerabilities this month that were only recently patched. Most helpful tools and news. We also decided to add a section on what's new for Vulners this month. Vulners events: Our strongest vulnerability database, which is convenient to work with, is regularly updated and gets better;Vulnerabilities: Google is updating its zero-days non-stop, … Continue reading Zero-Day Vulnerability Month, new Vulners events and malware

Digest with vulnerabilities, emergency updates and attack subjects

Zero-day vulnerabilities are not diminishing, and those that are already actively used in attacking actions. Quick release update - great! A lot of updates is not great! Vulnerabilities: Apple critical update, zero-day from Google, FireEye reports and etc;Tools: Promising tools that surprise with their growth;News: Twitter bot, some attacks and hacker cup;Research: Useful staff for … Continue reading Digest with vulnerabilities, emergency updates and attack subjects

Zero-day for Apple (Safari), tools and malware news

Stealing local files via Safari, few PoCs with exploit, so veriety malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft?Tools: Mix of tools for the red and blue team;News: Mainly about malware and cats. Not everyone loves cats;Research: Usefull for SOC analysts and DFIR. Feedback -> here Vulnerabilities CVE-2020-3952 … Continue reading Zero-day for Apple (Safari), tools and malware news

Ripple20 zero-day vulnerabilities in IOT devices

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20. Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain … Continue reading Ripple20 zero-day vulnerabilities in IOT devices