Important updates for Cisco and Adobe products, attack on Garmin and Diebold Nixdorf

This week Cisco and Adobe released emergency updates for their products. The biggest news of the week is the attacks on Garmin and ATM maker Diebold Nixdorf. Vulnerabilities: Path traversal in Cisco's network security software, CVE-2020-3452. A path traversal aims to access files and directories that are stored outside the web root folder. …

Apple devices for security researchers

Great news for security researchers and bug hunters! Apple officially started "The Security Research Device (SRD)" program to provide its devices to security researchers. To participate in this program, you need to meet several conditions: Developer account ($99/year); Bugs / vulnerabilities in the Apple platforms or in other popular and modern platforms / operating systems; You must …

SAP, SIGred, procmon for Linux, Tsunami, Twitter and ZOOM?

Vulnerabilities: There were a couple of high-profile vulnerability stories this week: SAP and SIGred (patch it, please!). Tools: A couple of cool tools appeared: procmon for Linux and the Tsunami scanner from Google. News: Over 100 high-profile Twitter accounts hacked via an internal tool that was leaked by a Twitter employee. ZOOM? Again? And Research, because technical descriptions …

Windows DNS vulnerability – CVSS 10

On the second Tuesday in July, Microsoft released patches for 123 CVEs. The most dangerous of them all is the vulnerability CVE-2020-1350 in Windows DNS Server versions 2003 to 2019. The vulnerability allows an unauthenticated user (attacker) to execute remote code on the target system. It can be exploited by sending a crafted DNS query to …

Vulners weekly digest #14

There are 4 sections: Vulnerabilities, Tools, News, Research. Vulnerabilities: Not so long ago, the 0-day vulnerability CVE-2019-19781 in Citrix ADC and Citrix Gateway was discussed; it went unnoticed for at least a month and was used by various hacker groups. This week, Citrix released security updates for Citrix ADC, Citrix Gateway and Citrix SD-WAN …

Vulners weekly digest #13

There are 4 sections: Vulnerabilities, Tools, News, Research. Vulnerabilities: Vulnerability CVE-2020-5902 in F5 BIG-IP received a CVSS score of 10. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. Multiple vulnerabilities in popular remote desktop …