Date Author Title
2023-11-30John BambenekProphetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-22Guy BruneauCVE-2023-1389: A New Means to Expand Botnets
2023-11-06Johannes UllrichExploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
2023-08-28Didier StevensAnalysis of RAR Exploit Files (CVE-2023-38831)
2023-07-12Brad DuncanLoader activity for Formbook "QM18"
2023-06-17Brad DuncanFormbook from Possible ModiLoader (DBatLoader)
2023-05-14Guy BruneauVMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-03-25Guy BruneauMicrosoft Released an Update for Windows Snipping Tool Vulnerability
2023-02-22Johannes UllrichInternet Wide Scan Fingerprinting Confluence Servers
2023-01-11Jan KoprivaPassive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog
2022-12-22Guy BruneauExchange OWASSRF Exploited for Remote Code Execution
2022-12-16Guy BruneauVMware Security Updates
2022-08-14Johannes UllrichRealtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-06-09Brad DuncanTA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-05-13Johannes UllrichFrom 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-04-28Johannes UllrichA Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14Johannes UllrichAn Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-02-26Guy BruneauUsing Snort IDS Rules with NetWitness PacketDecoder
2022-01-12Johannes UllrichA Quick CVE-2022-21907 FAQ
2021-12-18Guy BruneauVMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-14Johannes UllrichLog4j: Getting ready for the long haul (CVE-2021-44228)
2021-11-26Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20Guy BruneauHikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-10-30Guy BruneauRemote Desktop Protocol (RDP) Discovery
2021-10-16Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06Johannes UllrichApache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-06-26Guy BruneauCVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-02-24Brad DuncanMalspam pushes GuLoader for Remcos RAT
2021-01-11Rob VandenBrinkUsing the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
2021-01-07Rob VandenBrinkUsing the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3)
2021-01-07Rob VandenBrinkDirectly related to today's main story on CPE/CVEs - Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085
2020-12-18Jan KoprivaA slightly optimistic tale of how patching went for CVE-2019-19781
2020-11-21Guy BruneauVMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-16Jan KoprivaHeartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore
2020-10-29Johannes UllrichPATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-10-28Jan KoprivaSMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-08-08Guy BruneauScanning Activity Include Netcat Listener
2020-08-04Johannes UllrichReminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-07-22Rick WannerA few IoCs related to CVE-2020-5902
2020-07-15Johannes UllrichPATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-06Johannes UllrichSummary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-05-28Xavier MertensFlashback on CVE-2019-19781
2020-05-14Rob VandenBrinkPatch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-01-16Bojan ZdrnjaSumming up CVE-2020-0601, or the Let?s Decrypt vulnerability
2020-01-15Johannes UllrichCVE-2020-0601 Followup
2020-01-13Didier StevensCitrix ADC Exploits: Overview of Observed Payloads
2020-01-11Johannes UllrichCitrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07Johannes UllrichA Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-11-06Brad DuncanMore malspam pushing Formbook
2019-06-19Johannes UllrichCritical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-05-22Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-28Johannes UllrichUpdate about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-03-09Guy BruneauA Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-02-02Guy BruneauScanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-08-20Didier StevensOpenSSH user enumeration (CVE-2018-15473)
2018-05-22Guy BruneauVMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-04Lorna HutchesonVulnerabilities on the Rise?
2017-12-30Xavier Mertens2017, The Flood of CVEs
2017-05-18Xavier MertensMy Little CVE Bot
2016-10-22Guy BruneauRequest for Packets TCP 4786 - CVE-2016-6385
2016-07-17Guy BruneauJuniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
2016-02-13Guy BruneauVMware VMSA-2015-0007.3 has been Re-released
2016-01-31Guy BruneauOpenSSL 1.0.2 Advisory and Update
2016-01-30Xavier MertensAll CVE Details at Your Fingertips
2015-07-12Guy BruneauPHP 5.x Security Updates
2015-06-16John BambenekCVE-2014-4114 and an Interesting AV Bypass Technique
2015-04-15Johannes UllrichMS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-01-27Johannes UllrichNew Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-09-25Johannes UllrichUpdate on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24Pedro BuenoAttention *NIX admins, time to patch!
2014-06-12Guy BruneauBIND Security Update for CVE-2014-3859
2014-06-12Johannes UllrichMetasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-04-08Guy BruneauOpenSSL CVE-2014-0160 Fixed
2014-03-24Johannes UllrichNew Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-02Stephen HallSymantec goes yellow
2013-10-01John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-08-16Kevin ListonCVE-2013-2251 Apache Struts 2.X OGNL Vulnerability
2013-06-01Guy BruneauExploit Sample for Win32/CVE-2012-0158
2013-05-20Guy BruneauSafe - Tools, Tactics and Techniques
2013-05-09Johannes UllrichMicrosoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-02-11John BambenekOpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-19Guy BruneauJava 7 Update 11 Still has a Flaw
2013-01-04Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-09-23Tony CarothersUpdate for CVE-2012-3132
2012-06-20Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-18Guy BruneauCVE-2012-1875 exploit is now available
2012-05-25Guy BruneauTechnical Analysis of Flash Player CVE-2012-0779
2012-04-19Kevin ShorttOpenSSL Security Advisory - CVE-2012-2110
2012-02-09Richard PorterDNS Ghost Domains, How I loath you so!
2012-01-12Rob VandenBrinkPHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-10-06Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-05-27Kevin ListonManaging CVE-0
2011-04-28Chris MohanGathering and use of location information fears - or is it all a bit too late
2011-02-23Manuel Humberto Santander PelaezBind DOS vulnerability (CVE-2011-0414)
2010-11-16Guy Bruneau OpenSSL TLS Extension Parsing Race Condition
2010-10-30Guy BruneauSecurity Update for Shockwave Player
2010-10-28Manuel Humberto Santander PelaezCVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-09-17Robert DanfordCirca 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-09-13Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12Manuel Humberto Santander PelaezAdobe Acrobat pushstring Memory Corruption paper
2010-09-08John BambenekAdobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-25Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-07-20Manuel Humberto Santander PelaeziTunes buffer overflow vulnerability
2010-06-15Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-01-19Jim ClausingThe IE saga continues, out-of-cycle patch coming soon
2010-01-15Kevin ListonExploit code available for CVE-2010-0249
2010-01-12Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04Bojan ZdrnjaSophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-05-28Stephen HallMicrosoft DirectShow vulnerability