Zero-day for Apple (Safari), tools and malware news

Stealing local files via Safari, few PoCs with exploit, so veriety malware and blue team research (mostly). Vulnerabilities: Have you ever seen a digest without Microsoft?Tools: Mix of tools for the red and blue team;News: Mainly about malware and cats. Not everyone loves cats;Research: Usefull for SOC analysts and DFIR. Feedback -> here Vulnerabilities CVE-2020-3952 … Continue reading Zero-day for Apple (Safari), tools and malware news

The two most important conferences of the year and new facebook tool

This week there were such significant events as Defcon and Black Hat 2020. Some of the materials from these conferences are in today's digest. Vulnerabilities: Cool material from Blackhat 2020 and Qualcomm vulnerabilities. Tools: New code analyzer from facebook. News: Data leak and ransomware for Canon (like Garmin). Research: Mostly for the blue/purple teams. Feedback: … Continue reading The two most important conferences of the year and new facebook tool

Apple devices for security researchers

Great news for security researchers and bug hunters! Apple officially started "The Security Research Device (SRD)" program to provide its devices to security researchers. To participate in this program, you need to meet several conditions: Developer account (99$/year);Bugs / vulnerabilities in the Apple platforms or in other popular and modern platforms / operating systems;You must … Continue reading Apple devices for security researchers

Vulners weekly digest #13

There are 4 sections:VulnerabilitiesToolsNewsResearch Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities Vulnerability CVE-2020-5902 in F5 BIG-IP received a CVSS score of 10. Exploiting the vulnerability allows executing commands on behalf of an unauthorized user and completely compromising the system, for example, intercepting the traffic of web resources controlled by the controller. https://twitter.com/i/status/1280008779359125504 https://vulners.com/thn/THN:02088F21DB6E2D58FA2FBFDB5C735108 Multiple vulnerabilities in popular remote desktop … Continue reading Vulners weekly digest #13

Monthly Vulners Review #3

Monthly review for the first time in four sections. Feedback: https://forms.gle/D17BaFwD5hJnKkUUA Vulnerabilities and exploits Bitdefender fixed the vulnerability in SafePay, a secure browser designed to protect sensitive online transactions, such as online banking and electronic purchases. Exploitation of vulnerability CVE-2020-8102 allows an attacker to remotely execute commands in the context of a user on a … Continue reading Monthly Vulners Review #3

Vulners weekly digest #10

Default 4 sections:VulnerabilitiesToolsNewsThreat hunting and malware research Vulnerabilities Apple has released updates to fix a CVE-2020-9859 that was used to jailbreak an iPhone with iOS 13.5. The vulnerability affects the iOS kernel and can allow an application to execute arbitrary code with kernel privileges. https://vulners.com/apple/APPLE:HT211214 CVE-2020-2883 in the Oracle WebLogic Server product of Oracle Fusion … Continue reading Vulners weekly digest #10

Jailbreak for any IOS devices

Last weekend, a team of information security experts and reverse engineers introduced a new version of the Unc0ver jailbreak (5.0.0). This tool works for almost any iPhone, even with the latest iOS 13.5 on board. Unc0ver authors say it exploits a zero kernel vulnerability in the iOS kernel, which Apple experts are not yet aware … Continue reading Jailbreak for any IOS devices