Vulnerability Management and more

Channel address: @avleonovcom
Categories: Technologies, Blogs
Language: English
Subscribers: 1.79K
Description from channel

Vulnerability assessment, IT compliance management, security automation and other beautiful stuff. Discussion group for this channel: @avleonovchat. PM me @leonov_av


The latest Messages 2

2022-07-28 01:18:03 Let's start with the most important topic. Microsoft propaganda report about the evil Russians and how they (Microsoft) defend one well-known country. I usually avoid such topics, but in this case, I just can't.

1. Most of the report is "water" and unproven "highly-likely" stuff. It's boring to read. More than half of the report is not about cyber attacks at all, but about propaganda/disinformation "attacks" in media, social networks, etc. With strange historical digressions. For example, they give a photo of some article from an Indian newspaper of the 1980s and write that this publication was organized by the KGB. I'm not kidding, look at page 12.
2. On the other hand, the most important thing in this report is not what is written, but who released it. It's not mainstream media, it's not a government agency like the NSA or CIA, it's Microsoft - a global IT vendor that should, in theory, be more or less neutral. And now they are releasing such reports! If you still believe Microsoft is a non-government commercial company, look through this report. This position is the most official, the foreword was written by the current president of Microsoft.
3. From a technical point of view, it is interesting that the state IT infrastructure was transferred to the cloud and Microsoft technologies (Defender for Endpoint?) were used to protect it. Almost all technical information is on the 9th page of the report.
4. They write about 2 important security options. The first is that Microsoft made a free Vulnerability Management for them. "The first has been the use of technology acquired from RiskIQ that identifies and maps organizational attack surfaces, including devices that are unpatched against known vulnerabilities and therefore are the most susceptible to attack." It's not entirely clear how they did it. They could just connect hosts to Defender for Endpoint. But perhaps they massively activated the collection of data from hosts in some other way.
5. The description of the second protection option hints at the existence of such non-standard methods: "MSTIC recognized that XXX malware could be mitigated meaningfully by turning on a feature in Microsoft Defender called controlled folder access. This typically would require that IT administrators access devices across their organization, work made more difficult and potentially even dangerous in ZZZ conditions. The YYY government therefore authorized Microsoft through special legal measures to act proactively and remotely to turn on this feature across devices throughout the government and across the country." And here it is not so important that Microsoft set up controlled folder access, it is important how they did it. It turns out that MS can massively remotely tweak security options if the government of a certain country has allowed them to do so. Wow! And what else can they do, on which hosts and under what conditions?
6. The main concern, of course, is that Microsoft products, including cloud-based security services, are still widely used in Russian organizations. And not only in Russia, but also in other countries that have some disagreements with US policy. Such publications confirm that Microsoft is a highly biased and unstable IT vendor, and something needs to be done about it quickly.

Russian version

@avleonovcom #VMnews #Microsoft #DefenderForEndpoint
2022-07-28 01:13:10 I think I will start posting texts for Vulnerability Management news and publications in this channel, and then I will group them into the avleonov.com blog post with video. It will be less intriguing, but I will immediately receive some feedback and it should be more fun for me.

@avleonovcom
2022-07-26 20:45:26
Such lovely gifts from the Vulners Team. Thanks a lot, guys! Happy Birthday, Vulners! #vulners7yo

@avleonovcom
2022-07-24 00:03:54 I’ve also been thinking about how we need a professional networking site to replace Microsoft's one. To be a complete replacement, it

1. Should be registered in an appropriate jurisdiction, not in the US. Ideally in India, UAE, Hong Kong, Malaysia.
2. Should be focused on international cooperation, not on one country. Therefore, purely Chinese or purely Russian sites that are not even interested in supporting the English locale are not suitable.
3. Should be a professional social network, and not just a hosting for vacancies and CVs.

Once again, I want to give a kind word to Peerlyst (RIP). It did not meet all the requirements, but gathered the international InfoSec community quite well. Nothing similar has appeared since then (2020). And it seems that the absurd monopoly of Microsoft's site will continue until the world begins to seriously divide and regroup into something new. And this is likely to happen no earlier than the start of active actions in the South China Sea.

@avleonovcom
2022-07-23 11:44:06 Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this… This is a clear signal. It's not about business anymore.

I'll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let's take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing.

01:32 CSRSS Elevation of Privilege (CVE-2022-22047)
04:36 RPC Remote Code Execution (CVE-2022-22038)
05:44 Microsoft Edge Memory Corruption (CVE-2022-2294)
06:55 32 vulnerabilities in Azure Site Recovery

Video:


Video2 (for Russia): https://vk.com/video-149273431_456239096
Blogpost: https://avleonov.com/2022/07/23/microsoft-patch-tuesday-july-2022-propaganda-report-csrss-eop-rpc-rce-edge-azure-site-recovery/
Full report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2022_report_with_comments_ext_img.html

#microsoft #patchtuesday

@avleonovcom
2022-07-13 17:38:02
This is the event I was talking about.
#KasperskyCyberCamp
2022-06-13 23:51:36 Hello everyone! In this short episode, I want to talk about the new feature in #Vulners Linux API. Linux security bulletin publication dates are now included in scan results. Why is it useful?

Video:


Video2 (for Russia): https://vk.com/video-149273431_456239092
Blogpost: https://avleonov.com/2022/06/13/vulners-linux-audit-api-security-bulletin-publication-dates-in-results/
2022-06-11 03:51:54 Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event.

Video:


Video2 (for Russia): https://vk.com/video-149273431_456239091
Blogpost: https://avleonov.com/2022/06/11/phdays-11-towards-the-independence-era/
2022-06-04 13:32:32
Hello everyone! This episode will be about the AM Live Vulnerability Management online conference. I participated in it on May 17th. The event lasted 2 hours. Repeating everything that has been said is difficult and makes little sense. Those who want can watch the full video or read the article about the event (both in Russian). Here I would like to share my impressions, compare this event with last year's and express my position.

Video:


Video2 (for Russia): https://vk.com/video-149273431_456239090
Blogpost: https://avleonov.com/2022/06/04/am-live-vulnerability-management-conference-2022-my-impressions-and-position/
2022-05-27 00:55:56 Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch Tuesday, April 12th.

Video:


Video2 (for Russia): https://vk.com/video-149273431_456239089
Blogpost: https://avleonov.com/2022/05/27/microsoft-patch-tuesday-may-2022-edge-rce-petitpotam-lsa-spoofing-bad-patches/
Full report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_may2022_report_with_comments_ext_img.html