Закругляю февраль традиционным англоязычным постом и видяшкой. 🙂 Чуть-чуть поговорил про опенсурсные проекты (признаться, не было особо времени ими заниматься, пока одни намётки), про PT-шные активности и, естественно, про уязвимости (трендовые и не очень).

———

Feb­ru­ary 2024: Vul­re­mi, Vuldet­ta, PT VM Course relaunch, PT Trend­Vulns digests, Ivan­ti, Fortinet, MSPT, Lin­ux PW

Hel­lo every­one! In this episode, I will talk about the Feb­ru­ary updates of my open source projects, also about projects at my main job at Pos­i­tive Tech­nolo­gies and inter­est­ing vul­ner­a­bil­i­ties.

My Open Source projects
00:14 Vul­re­mi — a sim­ple vul­ner­a­bil­i­ty reme­di­a­tion util­i­ty
00:55 Vuldet­ta — an API for detect­ing vul­ner­a­bil­i­ties based on a list of Lin­ux pack­ages

Pos­i­tive Tech­nolo­gies
01:22 Two new video mod­ules for the relaunch of the Vul­ner­a­bil­i­ty Man­age­ment train­ing course
02:00 Month­ly digests of trend­ing vul­ner­a­bil­i­ties

Vul­ner­a­bil­i­ties
02:17 RCEs in the Ivan­ti Con­nect Secure, Ivan­ti Pol­i­cy Secure and Ivan­ti Neu­rons for ZTA (CVE-2024–21887, CVE-2023–46805, CVE-2024–21893)
03:47 Arbi­trary Code Exe­cu­tion vul­ner­a­bil­i­ty in Fortinet For­tiOS and For­tiProxy (CVE-2024–21762)
04:11 Cis­co ASA Infor­ma­tion Dis­clo­sure vul­ner­a­bil­i­ty (CVE-2020–3259) is used by the Aki­ra ran­somware
04:55 Feb­ru­ary Microsoft Patch Tues­day
07:14 Feb­ru­ary Lin­ux Patch Wednes­day

🎞 Video
📘 Blog­post
🎞 VKVideo