Listen Now

As always, we discuss the latest vulnerability news and the first Patch Tuesday of the year. Then, the Security Response Team walks us through their 2020 Threat Landscape Retrospective report. The team did the tough work of looking back at everything that happened in 2020 and deriving some key lessons we can all take into 2021.Read the full reportShow References:Microsoft’s January 2021 Patch Tuesday Addresses 83 CVEsSolorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)Webinar Recording on SolarWinds IncidentAMNESIA:33: Researchers Disclose 33 Vulnerabilities Across Four Open Source TCP/IP LibrariesFollow along for more from Tenable Research:Subscribe to the blogFollow Tenable’s Zero Day team on MediumTenable Research Podcast Musical References 

We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam Narang breaks down the latest vulnerability news for us.Show References:Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)Cloudflare’s Blog Post on SAD DNSCVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat ActorsCVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager DisclosedSpam warning on Cash AshZero Day ResearchCOVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response TimesPsExec Local Privilege EscalationHacking in Among UsTP-Link Takeover with a Flash DriveInside Amazon’s Ring Alarm SystemFollow along for more from Tenable Research:Subscribe to the blogFollow Tenable’s Zero Day team on MediumTenable Research Podcast Musical References 

On this episode, we talk about November Patch Tuesday - Satnam highlights some of the vulnerabilities and we discuss the new, limited format for the advisories from Microsoft. Our guest this month is Grant Dobbe who gives us a crash course on compliance benchmarks and how to pick the right one for you. The key lesson: don’t try to put a jet engine on a Cessna.Show References: Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known VulnerabilitiesWebinar: Ramp-Up Your Response to Latest State Sponsored AttacksMicrosoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the WildGoogle patches two more Chrome zero-daysApple patches iOS against 3 actively exploited 0-days found by GoogleOracle Critical Patch Update for October 2020 Addresses 402 Security UpdatesCVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the WildOracle Security Alert Advisory - CVE-2020-14750 (Out-of-Band)CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-DayCVE-2020-27615: SQL Injection Vulnerability in WordPress Loginizer Plugin Affected Over One Million SitesCVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework DisclosedWebinar: How to Unlock the Security Benefits of the CIS BenchmarksCIS BenchmarksDISA STIGsSTIG ViewerSingle Check Audits on GithubGithub: Audit file for CVE-2020-14871Tenable Research Podcast Musical References

This month, Luke Tamagna-Darr is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are leveraging bugs together in attacks.Show References:Writing Security Advisories: 5 Best Practices For VendorsMicrosoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain ControllerCVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched VulnerabilitiesUS Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched VulnerabilitiesCVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices DisclosedMultiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to AttackCVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device ManagerTenable Research Spotify Playlist

We kick things off with this month’s vulnerability news as well as some primary research Satnam has done into questionable advertisements on TikTok. Then, we speak with Justin Brown about the joys of audit and compliance. Specifically, he talks about how his team works to develop and improve over 100,000 configuration checks.Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEsCritical Vulnerability in File Manager WordPress Plugin Exploited in the WildCVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the WildCVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import PluginCVE-2019-0230: Apache Struts Potential Remote Code Execution VulnerabilityTikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and ServicesEdge Week Agenda

Our guest this month is Luke Tamagna-Darr and he tells us about some of the automation projects his team is working on, including predicting CVSS vectors when they are missing from vulnerability descriptions. As always, Satnam walks us through the latest vulnerability news as well as the work Tenable Research has done to identify devices impacted by Ripple20.Show ReferencesMicrosoft’s August 2020 Patch Tuesday Addresses 120 CVEs (CVE-2020-1337)Zero-Day Remote Code Execution Vulnerability in vBulletin DisclosedRipple20: More Vulnerable Devices Discovered, Including New VendorsCVE-2020-10713: “BootHole” GRUB2 Bootloader Arbitrary Code Execution VulnerabilityCVE-2020-3452: Cisco Adaptive Security Appliance and Firepower Threat Defense Path Traversal Vulnerability

Satnam starts us off with a veritable parade of vulnerabilities maxing out CVSS severity. Ripple20, PAN OS, BIG-IP, SIGRed, RECON - lots to cover and Satnam breaks it all down for us. As a bit of a palate cleanser, we talk to Tony Huffman and Tyler Coumbes about how Threat Automation works in products.Show ReferencesCVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries DisclosedCVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerabilityhttps://twitter.com/RyanLNewington/status/1278074919092289537?s=20 CVE-2017-7391: Vulnerability in Magento Mass Import (MAGMI) Plugin Exploited in the WildCVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) Actively ExploitedCVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server JAVA Disclosed (RECON)Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed)Tenable Research Discloses Multiple Vulnerabilities in Plex Media Server 

We kick things off this episode talking to David Wells about his work with the Zero Day Research Team. He tells about recent bugs he’s found in Signal and an interesting bypass method for User Account Control in Windows. Then we hear from Satnam Narang about the latest vulnerabilities and patches (spoiler: there’s a lot of ghosts and SMB).Show References:https://www.tenable.com/blog/microsoft-s-june-2020-patch-tuesday-addresses-129-cves-including-newly-disclosed-smbv3https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smblost-cve-2020-1301-vulnerabilities-affect-microsoft-smbv3-andhttps://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-ofhttps://medium.com/tenable-techblog/multiple-vulnerabilities-in-tcexam-f6ae38c6fb8ahttps://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1bhttps://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6eTenable Research on Medium - https://medium.com/tenable-techblog

Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.Show References:SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/WAS SSL/TLS plugins - https://staging.tenable.com/plugins/was/families/SSL%2FTLSRecently from Research:https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cveshttps://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-researchhttps://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerabilityhttps://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wildhttps://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-executionhttps://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wildhttps://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wildhttps://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbxhttps://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts

Once again, we’re talking about Microsoft Patch Tuesday, this time with the added bonus of a record-breaking Oracle Critical Patch Update. All told, the releases covered 563 CVEs! Satnam Narang discusses vulnerabilities in VMware vCenter and Zoom, as well as some primary research the SRT has done about protecting the remote workforce. Our guests this episode are Jesus Galan, Research Manager of Vulnerability Detection and Greg Betz, Research Manager for Asset Competitiveness. They joined us to talk about OS fingerprinting.Recent SRT Blogshttps://www.tenable.com/blog/oracle-april-2020-critical-patch-update-includes-record-breaking-397-security-updates https://www.tenable.com/blog/microsoft-april-2020-patch-tuesday-addresses-113-cves-including-adobe-type-manager-library https://www.tenable.com/blog/cve-2020-3952-sensitive-information-disclosure-in-vmware-vcenter-server-vmsa-2020-0006https://www.tenable.com/blog/cve-2020-6819-cve-2020-6820-critical-mozilla-firefox-zero-day-vulnerabilities-exploited-in-wildhttps://www.tenable.com/blog/zoom-patches-multiple-flaws-and-responds-to-security-and-privacy-concernshttps://www.tenable.com/blog/cve-2020-8467-cve-2020-8468-vulnerabilities-in-trend-micro-apex-one-and-officescan-exploited-inTenable Research Blogshttps://medium.com/tenable-techblog/pi-sniffers-travels-a0db63c1434a https://medium.com/tenable-techblog/targeting-a-macos-application-update-your-path-traversal-lists-a1055959a75ahttps://medium.com/tenable-techblog/more-medical-record-security-flaws-81759f673a0 Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts

On this episode, we talk about Microsoft’s Patch Tuesday for March which covered a whopping 115 vulnerabilities! However, CVE-2020-0796 stole the show. Satnam walks us through the vulnerability, how it compares to EternalBlue and what practitioners need to know. Giuliana Carullo from the Tenable Vulnerability Database team also joined us to continue the conversation about automation and how her team models the vulnerability landscape.Recent SRT Blogshttps://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-blockhttps://www.tenable.com/blog/microsoft-s-march-2020-patch-tuesday-addresses-115-cves-including-58-elevation-of-privilegehttps://www.tenable.com/blog/cve-2020-10189-deserialization-vulnerability-in-zoho-manageengine-desktop-central-10-patchedhttps://www.tenable.com/blog/cve-2020-8597-buffer-overflow-vulnerability-in-point-to-point-protocol-daemon-pppdhttps://www.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-executionhttps://www.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wildhttps://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wildApply to work on the Tenable Vulnerability Database teamhttps://careers.tenable.com/jobs/software-engineer-automation-python-columbia-maryland-united-states-32b2ddc4-5a2c-4317-b349-afd4db64210dFollow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts

On this episode, we talk about February’s Patch Tuesday, the release of a PoC for CVE-2020-0618, and exploitation of a vulnerability in the ThemeGrill Demo Importer plugin for WordPress. We also speak with Ryan Hoy about the Vulnerability Intelligence Feeds and the work his team does developing and improved the plugin automation framework.Catch Tenable Researchers presenting at BSides Tampa on February 29.Recent SRT blog posts:https://www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0https://www.tenable.com/blog/themegrill-demo-importer-vulnerability-actively-exploited-in-the-wildhttps://www.tenable.com/blog/microsoft-s-february-2020-patch-tuesday-addresses-99-cves-including-internet-explorer-zero-dayhttps://www.tenable.com/blog/cdpwn-cisco-discovery-protocol-vulnerabilities-disclosed-by-researchers Primary Researchhttps://www.tenable.com/blog/cryptocurrency-scams-fake-giveaways-impersonate-followers-of-political-and-other-notableThe Tenable Tech Blog on Mediumhttps://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b?source=collection_home---4------0-----------------------https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts