Tag Archives: fun

TOP 5 CVEs that were most often exploited by Positive Technologies pentesters in 2023

The report was released on July 2. I generated a rap track on this topic in Russian using Suno. 🙂 English subtitles available.

List of vulnerabilities:

🔻 Remote Code Execution – Microsoft Exchange “ProxyNotShell” (CVE-2022-41040, CVE-2022-41080, CVE-2022-41082)
🔻 Remote Code Execution – Bitrix Site Manager “PollsVotes” (CVE-2022-27228)
🔻 Elevation of Privilege – Polkit “PwnKit” (CVE-2021-4034)

An idea worth a million Hamster coins

🐹😅 A website/app for tapping on CVEs. It makes sense to tap not on all CVEs, though, but only on those that you expect to get a confirmed exploit or a sign of exploitation in the wild within the next week.

🪙 When such a sign or exploit does appear, distribute coins to those who have been tapping on this vulnerability for the last week. In proportion to the number of taps, the criticality of the vulnerability, etc.

📈 And based on the analysis of these taps, it will be possible to make forecasts on the exploitability of vulnerabilities. With the help of AI, of course.

I am sure that this will work much better than EPSS and social network fortune tellers. 😅

IT Security in The New Pope

Lol, IT Security is everywhere. Even in the first episode of “The New Pope” TV series (the sequel of “The Young Pope”, 2016) some monks change credentials in the Vatican’s IT systems under cover of night. This happened after, well, some unexpected changes in the corporate culture and organizational structure.

– How did it go?
– Very well. We’ve changed the passwords, only you can log on to the bank accounts. The vault too, only you can get in.
– Tomorrow they’ll be crying.

I hope it won’t be a big spoiler. The episode was great.