Vulners weekly digest #13

There are 4 sections:VulnerabilitiesToolsNewsResearch Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities Vulnerability CVE-2020-5902 in F5 BIG-IP received a CVSS score of 10. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. https://twitter.com/i/status/1280008779359125504 https://vulners.com/thn/THN:02088F21DB6E2D58FA2FBFDB5C735108 Multiple vulnerabilities in popular remote desktop … Continue reading Vulners weekly digest #13

Monthly Vulners Review #3

Monthly review for the first time in four sections. Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities and exploits Bitdefender fixed the vulnerability in SafePay, a secure browser designed to protect sensitive online transactions, such as online banking and electronic purchases. Exploitation of vulnerability CVE-2020-8102 allows an attacker to remotely execute commands in the context of a user on a … Continue reading Monthly Vulners Review #3

Vulners weekly digest #12

This week Vulners integrated with data about Android vulnerabilities! Already available at Vulners DB: https://vulners.com/search?query=type:android There's a lot more interesting news this week:Combo of the VulnerabilitiesSerious toolsSome unusual news.And very briefly on fresh research Vulnerabilities CVE-2020-1206 We already mentioned SMBleed in the last digest. This week, we managed to find some research on the subject. … Continue reading Vulners weekly digest #12

Ripple20 zero-day vulnerabilities in IOT devices

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20. Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain … Continue reading Ripple20 zero-day vulnerabilities in IOT devices

Vulners weekly digest #11

4 sections:VulnerabilitiesToolsNewsResearches (red teaming, threat hunting, malware) Vulnerabilities June's "the second Tuesday patch" has become the largest in the history of Microsoft. The patches fix 129 vulnerabilities – the maximum number of security issues ever closed by Microsoft in a single "fix Tuesday". However, despite the number of vulnerabilities, none of them is a zero-day … Continue reading Vulners weekly digest #11

Vulners weekly digest #10

Default 4 sections:VulnerabilitiesToolsNewsThreat hunting and malware research Vulnerabilities Apple has released updates to fix a CVE-2020-9859 that was used to jailbreak an iPhone with iOS 13.5. The vulnerability affects the iOS kernel and can allow an application to execute arbitrary code with kernel privileges. https://vulners.com/apple/APPLE:HT211214 CVE-2020-2883 in the Oracle WebLogic Server product of Oracle Fusion … Continue reading Vulners weekly digest #10

Vulners weekly digest #9

Four NO traditional sections in our weekly digest. Enjoy! Vulnerabilities and additional info LPE Windows CVE-2019-0880 Detailed research CVE-2019-0880 without exploit. Zero day? https://byteraptors.github.io/windows/exploitation/2020/05/24/sandboxescape.html According to my tests, this bug seems to be still working against a full-patched Windows 7 system and for this reason I chose not to publish the exploit code. Research story … Continue reading Vulners weekly digest #9

Monthly Vulners Review #2

Vulners eventsThe most interesting vulnerabilities of the monthVery few toolsNews with almost no attacks Vulners events There have been several events for Vulners this month: Intergated with project: https://attackerkb.com which we mentioned at Vulners weekly digest #5;Vullners integrated with data about Apple vulnerabilities. Mentioned at Vulners weekly digest #7;Update our contacts 🙂 Anyone can contact … Continue reading Monthly Vulners Review #2

Jailbreak for any IOS devices

Last weekend, a team of information security experts and reverse engineers introduced a new version of the Unc0ver jailbreak (5.0.0). This tool works for almost any iPhone, even with the latest iOS 13.5 on board. Unc0ver authors say it exploits a zero kernel vulnerability in the iOS kernel, which Apple experts are not yet aware … Continue reading Jailbreak for any IOS devices

Vulners weekly digest #8

Three traditional sections in our weekly digest. Enjoy! Vulnerabilities and attacks Last week, Microsoft released its monthly update - 'the second Tuesday patch', which we haven't mentioned yet, but it was done by Aleksendr Leonov in his blog. On his blog, he gave a brief overview of this update. Various researches have been published this … Continue reading Vulners weekly digest #8