Tag Archives: Apple

Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers

Leave a reply

Hello everyone! Last Week’s Security News, August 1 – August 8.

Black Hat Pwnie Awards

Last week was more quiet than normal with Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. It’s like an Oscar or Tony in the information security world. Pwnie Awards recognizes both excellence and incompetence. And, in general, is a very respectable, adequate and fun event.

There were 10 nominations. I will note a few.

  • Firstly 2 nominations, which were received by the guys from Qualys.
    Best Privilege Escalation Bug: Baron Samedit, a 10-year-old exploit in sudo.
    Most Under-Hyped Research: 21Nails, 21 vulnerabilities in Exim, the Internet’s most popular mail server.
  • Best Server-Side Bug: Orange Tsai, for his Microsoft Exchange Server ProxyLogon attack surface discoveries.
  • Most Epic Fail: Microsoft, for their failure to fix PrintNightmare.
  • Best Song: The Ransomware Song by Forrest Brazeal
Continue reading

AVLEONOV Podcast

Leave a reply

I finally launched my own podcast! These are the audio tracks from my videos with some minimal changes, but it may be more convenient for someone to follow me this way. You can try to find my podcast in your podcast player by searching for “avleonov” (well, at least it works in Podcast Addict) or add it with the direct URL https://avleonov.com/podcast/feed.xml.

AVLEONOV Podcast

And here is what I recently learned about podcasting.

Continue reading

Vulnerability Quadrants

8 Replies

Hi everyone! Today I would like talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. And how to do it automatically.

Vulnerability Quadrant

First of all, let’s talk why we may ever need to analyze software vulnerabilities? How people usually do their Vulnerability Management and Vulnerability Intelligence?

VM strategies

  • Some people have a Vulnerability scanner, scan infrastructure with it, patch founded vulnerabilities and think that this will be enough.
  • Some people pay attention to the vulnerabilities that are widely covered by media.
  • Some people use vulnerability databases and search for the most critical vulnerabilities by some criteria.

Each of these ways have some advantages and some disadvantages.

Continue reading