After a looong absence, Bill and Gavin discuss Supply Chain Attacks and how Solarwinds personally impacted Gavin's slides. The chaps also talk through some pretty big additions to Tenable's Cloud capabilities with Frictionless Assessment.
It was a long summer and fall months; nevertheless, we are back at it. This is the "lost" episode and final for 2020. We will try to be more regular in 2021.Happy New Year! & Stay Safe!In this episode, Gavin and I discuss what we have been up to over the last several months as we'll discuss some major improvements/innovations here at Tenable.
Show notes:
In this episode Bill and Gavin discuss becoming more business aligned security leaders and how to influence change.
In this episode Bill and Gavin are joined by Wei Tai from the Data Science team to discuss Machine Learning and how accurate the team have identified the major vulnerabilities of 2019. Bill also learns how to press the record button so the team don’t have to record the podcast for a third time in a week.
In this episode Bill and Gavin discuss predicting the vulnerabilities that matter most through machine learning and reducing the burden of patching the infrastructure.
In this episode Bill and Gavin discuss Nessus on Raspberry Pi, which unfortunately didn't make it through the rigorous testing processes, and the top vulnerabilities you should be patching to secure the remote workforce.
Also apologies if we offend anyone this week, we might be going a tad stir crazy which is affecting our (Gavin's) filter somewhat.
In this episode Bill and Gavin talk about protecting the new norm of the remote workforce and discuss CVE-2020-0796.
In this episode Bill and Gavin discuss a presentation on the top 5 attack vectors in 2020 according to SANS.
Here’s a link to the video of the presentation Bill and Gavin are referencing: https://www.youtube.com/watch?v=xz7IFVJf3Lk
New year, new format. Instead of the usual Olson mocking through the use of the latest cyber news, Bill and Gavin will be sharing some inner workings of team Tenable and what the dev are creating.
In this episode, Bill and Gavin talk about the innovation competition between dev teams and measuring the maturity of your assessment practices.
In this special episode, Bill and Gavin are joined by Tenable's CISO Bob Huber and Data Scientist Bryan Doyle. The chaps discuss measurements that matter and how to communicate security effectiveness.
In this episode Bill finally gets some payback on Gavin, they discuss Smart Televisions on spending sprees, a goose with a bad attitude and poor cyber hygiene and Bluekeep exploitation. Bill is also joined by Amit Yoran, CEO of Tenable, to discuss learned helplessness in the world of Cyber Security.
In this episode, Bill and Gavin talk RDP honeypot, ATM jackpots and RCE hotspots. The chaps are also joined by Satnam Narang to talk about cash app scams.
In this episode Bill and Gavin talk about dismantling hotel lamps for fun and profit, multiple router Vulnerabilities and keeping track of private information in repositories. Bill is also joined by Ryan and Scott from the research team to discuss a couple of major zero days affecting Exim and vBulletin.
In this episode Bill and Gavin talk snooping on cat scans, TGIF data breach, breaking into Gavin's bank account with a handy sound board and power grid blackouts. Bill also interviews Steve Smith and Kent Dyer from the Government Affairs team to understand issues affecting Governments across the Globe.
In this episode, Bill and Gavin talk about yet another ransomware outbreak affecting Texas, Bills Moose being petted by a minor celebrity, age old Notepad vulnerability and are joined by Satnam Narang to talk about TikTok shenanigans.
In this episode, Bill and Gavin discuss attacks against adult apps, a WhatsApp flaw that enables an attacker to change messages and join groups, hacking alarm systems with a $2 device, and predicting the NVD future with Predictive Prioritization.
In this episode, Bill turns the insecurity tables on Gavin with the IOS 13 keychain bug. The boys also discuss insecure trains, remote code execution vulnerabilities in Atlassian and how to respond to a major outage publicly. Bill is also joined by David Wells who talks about the recent vulnerability he discovered in Comodo AV.
In this episode Bill and Gavin discuss strange meetings in English Forests, improvements in security guidelines around IoT devices, bricking iPhone with a single message and the issues with non experts defining Government policy. Bill is also joined by Jimi Sebree to discuss how he discovers new zero days and a recent Arlo Camera teardown.
In this episode Bill and Gavin talk about a Firefox Zero Day, organizations facing bankruptcy due to ransomware, MSSP's as an attack vector and C&C Slack. The guys are also joined by Matt Everson and Justin Brown from Tenable Research team.
Bill and Gavin talk about Baltimore City being hit with Ransomware, yet another leak of hundreds of millions of personal details, and the chaps are joined by Claire Tills to discuss how the media drive remediation efforts for popular vulnerabilities.
In this episode Bill and Gavin discuss dodgy Superhost spying on their guests, SharePoint issues and weaknesses affecting the elderly. Gavin also interviews the delightful Jenny Radcliffe, the People Hacker, about social engineering.
In this episode Bill and Gavin talk easy to guess passwords, the Beapy Cryptojacking worm sweeping through Asia and hungry cybercriminals leveraging credential stuffing attacks
In this episode Bill realises smart locks are slightly less clever than their name implies, we discuss data science based cyber hygiene and MRI misgivings.
In this episode, Bill tries to track Merger and Acquisition activity with children's GPS devices, Gavin highlights the issues of hiding malware in BIOS and Thom Langford from TL(2) joins to give a CISO's perspective.
In this weeks episode, Bill and Gavin discuss Cult of the Dead Cow, top ten vulnerabilities, supply chain attacks and leaky geolocation apps.
Bill and Gavin discuss several stories which highlight the challenges around Cyber Hygiene. We also have a chat on vulnerability prioritization with Tenable's Kevin Flynn.
Conversations and interviews related to Cyber Exposure, vulnerability management, and security overall. We are pleased to have you as a listener and welcome your feedback at [email protected]. If you are interested in being a guest, let us know at the same email address.
Bill Olson is a Tenable Technical Director, responsible for product strategy and direction. Bill works closely with our customers to understand their needs in vulnerability management and continuous network monitoring. He is passionate about building better solutions to improve customers’ security posture and programs.
Gavin Millard is a trained, ethical hacker who works with medium and large enterprises to address their cybersecurity challenges. With a deep understanding of how attackers plot a breach, he helps bring these companies to a trusted state of IT infrastructure. He previously worked as the Europe, Middle East and Africa (EMEA) technical director for Tripwire. He has also spoken frequently on data integrity, hacking and other key security topics.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
BUY
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Choose Your Subscription Option:
Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Choose Your Subscription Option:
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
$3,578
Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.
Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.
Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.
Continuously detect and respond to Active Directory attacks. No agents. No
privileges.
On-prem and in the cloud.
Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.
Know the exposure of every asset on any platform.
Know the exposure of every asset on any platform.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.