Alexander V. Leonov

Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about malicious open source and the cost of using someone else’s code. Alternative video link (for Russia): https://vk.com/video-149273431_456239086Video in Russian from CISO Forum 2022: https://youtu.be/LPXg-MEamVA To be honest, at the beginning of the year I did not […]

Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2022 and new improvements in my Vulristics project. I decided to add more comment sources. Because it’s not just Tenable, Qualys, Rapid7 and ZDI make Microsoft Patch Tuesday reviews, but also other security companies and bloggers. Alternative video link (for Russia): https://vk.com/video-149273431_456239085 You can […]

Hello everyone! After a two-year break, I took part in Moscow CISO Forum 2022 with a small talk “Malicious open source: the cost of using someone else’s code”. Alternative video link (for Russia): https://vk.com/video-149273431_456239084 CISO Forum is the first major Russian conference since the beginning of The New Reality of Information Security (TNRoIS). My presentation […]

Hello everyone! In this episode, let’s take a look at the latest vulnerabilities in Gitlab. On March 31, the Critical Security Release for GitLab Community Edition (CE) and Enterprise Edition (EE) was released. GitLab recommends that all installations running a version affected by the issues described in the bulletin are upgraded to the latest version as soon […]

Hello everyone! This episode will be about last week’s high-profile vulnerabilities in Spring. Let’s figure out what happened. Alternative video link (for Russia): https://vk.com/video-149273431_456239078 Of course, it’s amazing how fragmented the software development world has become. Now there are so many technologies, programming languages, libraries and frameworks! It becomes very difficult to keep them all in […]

Hello everyone! In this episode, I would like to talk about Github and how to remove sensitive information that was accidentally uploaded there. Alternative video link (for Russia): https://vk.com/video-149273431_456239077 This is a fairly common problem. When publishing the project code on Github, developers forget to remove credentials: logins, passwords, tokens. What to do if this becomes […]

Hello everyone! I am glad to greet you from the most sanctioned country in the world. Despite all the difficulties, we carry on. I even have some time to release new episodes. This time it will be about Microsoft Patch Tuesday for March 2022. Alternative video link (for Russia): https://vk.com/video-149273431_456239076 I do the analysis as […]

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2022. I release it pretty late, because of the my previous big episode about the blindspots in the Knowledge Bases of Vulnerability Scanners. Please take a look if you haven’t seen it. Well, if you are even slightly interested in the world news, […]

Hello everyone! This video was recorded for the VMconf22 Vulnerability Management conference. I want to talk about the blind spots in the knowledge bases of Vulnerability Scanners and Vulnerability Management products. This report was presented in Russian at Tenable Security Day 2022. The video is here. Potential customers rarely worry about the completeness of the […]

Hello everyone! As you probably know, CentOS Linux, the main Enterprise-level Linux server distribution, will soon disappear. It wasn’t hard to predict when RedHat acquired CentOS in 2014, and now it is actually happening. End of life of CentOS Linux 8 was 31.12.2021. There won’t be CentOS Linux as downstream for RedHat anymore. Only CentOS […]