Tag Archives: Kaspersky

Attackers are distributing malware on social networks under the guise of the regreSSHion exploit (CVE-2024-6387)

Attackers are distributing malware on social networks under the guise of the regreSSHion exploit (CVE-2024-6387). According to Kaspersky Lab experts, this is an attack on cybersecurity specialists. The attackers invite victims to examine an archive that supposedly contains a functional regreSSHion exploit, a list of IP addresses, and some payload.

🔻 The source code resembles a slightly edited version of a non-functional proof-of-concept exploit for this vulnerability that was already public.

🔻 One of the Python scripts simulates the exploitation of the vulnerability on IP addresses from the list. But in reality, it launches malware that achieves persistence in the system and downloads additional payload. The malware modifies /etc/cron.hourly and the operation of the ls command.

If you are examining someone else’s code, do so in a securely isolated environment and be aware that you may be attacked this way. 😉

На русском

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

1 Reply

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs. Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239131

As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities.

Continue reading →

Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions?

Leave a reply

Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions? Hello everyone! In my English-language telegram chat avleonovchat, the question was asked: “How to find zero day vulnerabilities with Qualys?” Apparently this question can be expanded. Not just with Qualys, but with any VM solution in general. And is it even possible? There was an interesting discussion.

Alternative video link (for Russia): https://vk.com/video-149273431_456239109

Image generated by Stable Diffusion 2.1: “calendar on the wall cyber security vulnerability zero day”

The question is not so straightforward. To answer it, we need to define what a Zero Day vulnerability is. If we look at wikipedia, then historically “0” is the number of days a vendor has to fix a vulnerability.

“Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them.”

Continue reading →

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Leave a reply

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities. Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239098

There were 147 vulnerabilities. Urgent: 1, Critical: 0, High: 36, Medium: 108, Low: 2.

There was a lot of great stuff this Patch Tuesday. There was a critical exploited in the wild MSDT DogWalk vulnerability, 3 critical Exchange vulnerabilities that could be easily missed in prioritization, 13 potentially dangerous vulnerabilities, 2 funny vulnerabilities and 3 mysterious ones. Let’s take a closer look.

Continue reading →

AM Live Vulnerability Management Conference 2022: my impressions and position

Leave a reply

AM Live Vulnerability Management Conference 2022: my impressions and position. Hello everyone! This episode will be about the AM Live Vulnerability Management online conference. I participated in it on May 17th.

Alternative video link (for Russia): https://vk.com/video-149273431_456239090

The event lasted 2 hours. Repeating everything that has been said is difficult and makes little sense. Those who want can watch the full video or read the article about the event (both in Russian). Here I would like to share my impressions, compare this event with last year’s and express my position.

Continue reading →

Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics

Leave a reply

Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics. Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2022 and new improvements in my Vulristics project. I decided to add more comment sources. Because it’s not just Tenable, Qualys, Rapid7 and ZDI make Microsoft Patch Tuesday reviews, but also other security companies and bloggers.

Alternative video link (for Russia): https://vk.com/video-149273431_456239085

You can see them in my automated security news telegram channel avleonovnews after every second Tuesday of the month. So, now you can add any links with CVE comments to Vulristics.

Continue reading →

CISO Forum 2022: the first major Russian security conference in the New Reality

1 Reply

CISO Forum 2022: the first major Russian security conference in the New Reality. Hello everyone! After a two-year break, I took part in Moscow CISO Forum 2022 with a small talk “Malicious open source: the cost of using someone else’s code”.

Alternative video link (for Russia): https://vk.com/video-149273431_456239084

CISO Forum is the first major Russian conference since the beginning of The New Reality of Information Security (TNRoIS). My presentation was just on this topic. How malicious commits in open source projects change development and operations processes. I will make a separate video about this (upd. added Malicious Open Source: the cost of using someone else’s code). In this episode, I would like to tell you a little about the conference itself.

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: Kaspersky

Attackers are distributing malware on social networks under the guise of the regreSSHion exploit (CVE-2024-6387)

Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions?

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

AM Live Vulnerability Management Conference 2022: my impressions and position

Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics

CISO Forum 2022: the first major Russian security conference in the New Reality