Microsoft patch, powerful malware and zero-days

Microsoft, as usual, closed one problem and two new ones appeared. In this weekly digest there are many mentions of the latest vulnerabilities being used in attacks. It shows the impact of the vulnerability management process and what happens if you don't do it. Vulnerabilities: Default Microsoft patch, too critical vulnerabilities in VPN software, etc.; Tools: Mainly …

Monthly bunch of vulnerabilities in different directions and almost without hype

In this monthly overview we want to show you something that has not been written about yet, but that, at the end of the month, we consider the most interesting and cool. Vulnerabilities: Several vulnerabilities for an enterprise, a few for regular users and a couple of non-standard ones worth knowing about; Tools: Other Undescribed Tools: web, …

ICS vulnerabilities, new features from GitHub and ransomware

More and more often, ICSs become the target of ransomware attacks. The industrial field is very important, and this week a set of critical vulnerabilities came out. Also, GitHub released functionality to scan repositories and a lot of research materials to expose threats. Vulnerabilities: ICS 🙂 and vulnerability in the wild; Tools: Git, smbAutoRelay, etc.; News: New …

Everybody knows: Windows source code leak, Zerologon updates and other fresh vulnerabilities

Check Point published a tech review of an Instagram vulnerability; remember SaltStack? Quiet digest, no ransomware or attack reports. Vulnerabilities: Important, non-standard and interesting ones; Tools: Mostly cool attacking tools; News: Additional news about Instagram and CISA; Research: Less than usual, there is something to read. Vulnerabilities Cisco Systems released fixes for vulnerabilities in the widespread IOS operating …

Weekly Digest not only about Zerologon

Of course, the top news of the week is Zerologon. But what about new IOS updates that fix critical vulnerabilities? What about other news in the world of information security? Vulnerabilities: Cool report with h1, IOS and Bluetooth (again?); Tools: KQL with Microsoft and others; News: The largest Magecart infection, NCSC and IOS; Research: A bit of everything. …

Second Tuesday patch, another victim of the ransomware and a friendly reaction of CERT teams to counter Emotet

ICS attacks, little known to the general public, are perhaps the most devastating in terms of potential negative consequences. New Bluetooth vulnerability and cool malware news. Vulnerabilities: Not an interesting Microsoft patch (yet), ICS and Bluetooth; Tools: Traditionally; News: Malware activity and CERT alert; Research: Mainly for Windows enthusiasts. Vulnerabilities Microsoft released another September security …

IOCs for you with Vulners

Everyone around is constantly advised to use free and public feeds without the possibility of using unique ones. Besides, many of them duplicate each other and in most cases, expertise costs money. But what if you want a better result with a minimum of effort? This is exactly what we did. RST Threat Feed team shared their …

Monthly review without Microsoft, a lot of cool tools, Flipper project and new malware

More and more news about bypasses of fixed vulnerabilities appears. And it's great! After all, it means that there are more people who care and they continue to research the problems after they have been fixed. Vulnerabilities: Cisco and Apache are trying very hard to fix their vulnerabilities, but there are still too many…; Tools: All …

Zero-day for Apple (Safari), tools and malware news

Stealing local files via Safari, a few PoCs with exploits, a variety of malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft? Tools: Mix of tools for the red and blue team; News: Mainly about malware and cats. Not everyone loves cats; Research: Useful for SOC analysts and DFIR. Vulnerabilities CVE-2020-3952 …

Two zero-day vulnerabilities per week, update for popular tools and stories about ransomware

Two zero-day vulnerabilities per week from Microsoft, update for popular tools, stories about ransomware and blue team like red to fight with evil. Vulnerabilities: Microsoft patched a zero-day which was detected in the wild! Tools: Update for one of the most famous red team tools; News: Have you ever heard about a vulnerability in malware? Research: Elastic team released some cool …