Important updates for Cisco and Adobe products, attack on Garmin and Diebold Nixdorf

This week Cisco and Adobe released Emergency updates for their products. And the biggest news of the week are the attacks on Garmin and ATM maker Diebold Nixdorf. Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities Path traversal in Cisco's network security software CVE-2020-3452. A path traversal aims to access files and directories that are stored outside the web root folder. … Continue reading Important updates for Cisco and Adobe products, attack on Garmin and Diebold Nixdorf

Apple devices for security researchers

Great news for security researchers and bug hunters! Apple officially started "The Security Research Device (SRD)" program to provide its devices to security researchers. To participate in this program, you need to meet several conditions: Developer account (99$/year);Bugs / vulnerabilities in the Apple platforms or in other popular and modern platforms / operating systems;You must … Continue reading Apple devices for security researchers

SAP, SIGred, procmon for Linux, Tsunami, Twitter and ZOOM?

Vulnerabilities: There was a couple of high-profile news about vulnerabilities this week: SAP and SIGred (Patch it please!)Tools: A couple of cool tools appeared: procmon for Linux and Tsunami scanner from googleNews: Over 100 high profile Twitter accounts hacked via internal tool that was leaked by a Twitter employee. ZOOM? Again?And Research, because technical descriptions … Continue reading SAP, SIGred, procmon for Linux, Tsunami, Twitter and ZOOM?

Windows DNS vulnerability – CVSS 10

On the second Tuesday in July, Microsoft released patches for 123 CVEs. But the most dangerous of all is the vulnerability CVE-2020-1350 in the Windows DNS Server versions 2003 to 2019. Vulnerability allows an unauthenticated user (attacker) to execute remote code on the target system. It can be exploited by sending crafted DNS query to … Continue reading Windows DNS vulnerability – CVSS 10

Vulners weekly digest #14

There are 4 sections:Vulnerabilities Tools News Research Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities Not so long ago, the 0-day vulnerability of CVE-2019-19781 was discussed in Citrix ADC and Citrix Gateway, which went unnoticed for at least a month and was used by various hacker groups. This week, Citrix released security updates for Citrix ADC, Citrix Gateway and Citrix SD-WAN … Continue reading Vulners weekly digest #14

Vulners weekly digest #13

There are 4 sections:VulnerabilitiesToolsNewsResearch Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities Vulnerability CVE-2020-5902 in F5 BIG-IP received a CVSS score of 10. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. https://twitter.com/i/status/1280008779359125504 https://vulners.com/thn/THN:02088F21DB6E2D58FA2FBFDB5C735108 Multiple vulnerabilities in popular remote desktop … Continue reading Vulners weekly digest #13

Monthly Vulners Review #3

Monthly review for the first time in four sections. Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities and exploits Bitdefender fixed the vulnerability in SafePay, a secure browser designed to protect sensitive online transactions, such as online banking and electronic purchases. Exploitation of vulnerability CVE-2020-8102 allows an attacker to remotely execute commands in the context of a user on a … Continue reading Monthly Vulners Review #3

Vulners weekly digest #12

This week Vulners integrated with data about Android vulnerabilities! Already available at Vulners DB: https://vulners.com/search?query=type:android There's a lot more interesting news this week:Combo of the VulnerabilitiesSerious toolsSome unusual news.And very briefly on fresh research Vulnerabilities CVE-2020-1206 We already mentioned SMBleed in the last digest. This week, we managed to find some research on the subject. … Continue reading Vulners weekly digest #12

Ripple20 zero-day vulnerabilities in IOT devices

The U.S. Department of Homeland Security and CISA ICS-CERT have published security notices about recently discovered vulnerabilities, collectively referred to as Ripple20. Ripple20 includes 19 vulnerabilities affecting billions of Internet-connected devices from 500 vendors around the world. The problems were found in the Treck TCP/IP library and with their help an attacker can remotely gain … Continue reading Ripple20 zero-day vulnerabilities in IOT devices

Vulners weekly digest #11

4 sections:VulnerabilitiesToolsNewsResearches (red teaming, threat hunting, malware) Vulnerabilities June's "the second Tuesday patch" has become the largest in the history of Microsoft. The patches fix 129 vulnerabilities – the maximum number of security issues ever closed by Microsoft in a single "fix Tuesday". However, despite the number of vulnerabilities, none of them is a zero-day … Continue reading Vulners weekly digest #11