Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays.
Alternative video link (for Russia): https://vk.com/video-149273431_456239094
On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch Tuesdays, 38 vulnerabilities were released. This gives us 94 vulnerabilities in the report.
Continue readingHello everyone! In this short episode, I want to talk about the new feature in Vulners Linux API.
Alternative video link (for Russia): https://vk.com/video-149273431_456239092
Linux security bulletin publication dates are now included in scan results. Why is it useful?
Continue readingHello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event.
Alternative video link (for Russia): https://vk.com/video-149273431_456239091
As I did last year, I want to start talking about this conference with a few words about the sanctions. US sanctions against Positive Technologies, the organizers of Positive Hack Days, were introduced a year ago. At that time it seemed very serious and extraordinary. But today, when our country has become the most sanctioned country in the world, those sanctions against Positive Technologies seem very ordinary and unimportant. In fact, it even seems to benefit the company somehow.
Continue readingHello everyone! This episode will be about the AM Live Vulnerability Management online conference. I participated in it on May 17th.
Alternative video link (for Russia): https://vk.com/video-149273431_456239090
The event lasted 2 hours. Repeating everything that has been said is difficult and makes little sense. Those who want can watch the full video or read the article about the event (both in Russian). Here I would like to share my impressions, compare this event with last year’s and express my position.
Continue readingHello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch Tuesday, April 12th.
Alternative video link (for Russia): https://vk.com/video-149273431_456239089
I have set direct links in comments_links.txt for Qualys, ZDI and Kaspersky blog posts.
Continue readingHello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics.
Alternative video link (for Russia): https://vk.com/video-149273431_456239088
A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this was the case with CVE-2022-1364 Type Confusion in V8 (Chromium). This vulnerability does not exist in NVD.
Continue readingHello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about malicious open source and the cost of using someone else’s code.
Alternative video link (for Russia): https://vk.com/video-149273431_456239086
Video in Russian from CISO Forum 2022: https://youtu.be/LPXg-MEamVA
To be honest, at the beginning of the year I did not plan to talk about these things. But life changes rapidly and unpredictably, so it becomes impossible not to talk about this.
Continue readingThis is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.