Tenable Research
Podcast
The Joys of Compliance (No Kidding)
We kick things off with this month’s vulnerability news as well as some primary research Satnam has done into questionable advertisements on TikTok. Then, we speak with Justin Brown about the joys of audit and compliance. Specifically, he talks about how his team works to develop and improve over 100,000 configuration checks.
- Listen:
Show References
- Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs
- Critical Vulnerability in File Manager WordPress Plugin Exploited in the Wild
- CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild
- CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin
- CVE-2019-0230: Apache Struts Potential Remote Code Execution Vulnerability
- TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services
Edge Week Agenda
Automate all the things
Our guest this month is Luke Tamagna-Darr and he tells us about some of the automation projects his team is working on, including predicting CVSS vectors when they are missing from vulnerability descriptions. As always, Satnam walks us through the latest vulnerability news as well as the work Tenable Research has done to identify devices impacted by Ripple20.
- Listen:
Show References
- Patch Tuesday (August 2020) - 120 CVEs, 17 Critical
- Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed
- Ripple20: More Vulnerable Devices Discovered, Including New Vendors
- CVE-2020-10713: “BootHole” GRUB2 Bootloader Arbitrary Code Execution Vulnerability
- CVE-2020-3452: Cisco Adaptive Security Appliance and Firepower Threat Defense Path Traversal Vulnerability
Tenable Research on Medium - https://medium.com/tenable-techblog
10/10 Would Patch Again
Satnam starts us off with a veritable parade of vulnerabilities maxing out CVSS severity. Ripple20, PAN OS, BIG-IP, SIGRed, RECON - lots to cover and Satnam breaks it all down for us. As a bit of a palate cleanser, we talk to Tony Huffman and Tyler Coumbes about how Threat Automation works in products.
- Listen:
Show References
- https://www.tenable.com/blog/cve-2020-11896-cve-2020-11897-cve-2020-11901-ripple20-zero-day-vulnerabilities-in-treck-tcpip
- https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass
- https://twitter.com/RyanLNewington/status/1278074919092289537?s=20
- https://www.tenable.com/blog/cve-2017-7391-vulnerability-in-magento-mass-import-magmi-plugin-exploited-in-the-wild
- https://www.tenable.com/blog/cve-2020-5902-critical-vulnerability-in-f5-big-ip-traffic-management-user-interface-tmui
- https://www.tenable.com/blog/cve-2020-6287-critical-vulnerability-in-sap-netweaver-application-server-java-disclosed-recon
- https://www.tenable.com/blog/microsoft-s-july-2020-patch-tuesday-addresses-123-cves-including-wormable-windows-dns-server
- https://www.tenable.com/blog/cve-2020-1350-wormable-remote-code-execution-vulnerability-in-windows-dns-server-sigred
- https://www.tenable.com/blog/tenable-research-discloses-multiple-vulnerabilities-in-plex-media-server
Tenable Research on Medium - https://medium.com/tenable-techblog
Haunted by SMB
We kick things off this episode talking to David Wells about his work with the Zero Day Research Team. He tells about recent bugs he’s found in Signal and an interesting bypass method for User Account Control in Windows. Then we hear from Satnam Narang about the latest vulnerabilities and patches (spoiler: there’s a lot of ghosts and SMB).
- Listen:
Show References
- https://www.tenable.com/blog/microsoft-s-june-2020-patch-tuesday-addresses-129-cves-including-newly-disclosed-smbv3
- https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smblost-cve-2020-1301-vulnerabilities-affect-microsoft-smbv3-and
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- https://medium.com/tenable-techblog/multiple-vulnerabilities-in-tcexam-f6ae38c6fb8a
- https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447
- https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
Tenable Research on Medium - https://medium.com/tenable-techblog
What's the deal with Web App Scanning?
Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.
- Listen:
Show Notes
- SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/
- Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/
- WAS SSL/TLS plugins - https://www.tenable.com/plugins/was/families/SSL%2FTLS
Recently from Research:
- https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app
- https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves
- https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research
- https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability
- https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187
- https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
- https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution
- https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild
- https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild
- https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx
- https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5
- https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9
Follow the Security Response Team on the Tenable Community.
Analyzing Digital Loops and Whorls: OS Fingerprinting
As per usual, we’re talking about Microsoft Patch Tuesday with the added bonus of a record-breaking Oracle Critical Patch Update. All told, the releases covered 563 CVEs! Satnam discusses vulnerabilities in VMware vCenter and Zoom, as well as some primary research the SRT has done about protecting the remote workforce. Our guests this episode are Jesus Galan, Research Manager of Vulnerability Detection and Greg Betz, Research Manager for Asset Competitiveness. They joined us to talk about OS fingerprinting.
- Listen:
Show Notes
Recent SRT Blogs
- https://www.tenable.com/blog/microsoft-april-2020-patch-tuesday-addresses-113-cves-including-adobe-type-manager-library
- https://www.tenable.com/blog/cve-2020-3952-sensitive-information-disclosure-in-vmware-vcenter-server-vmsa-2020-0006
- https://www.tenable.com/blog/cve-2020-6819-cve-2020-6820-critical-mozilla-firefox-zero-day-vulnerabilities-exploited-in-wild
- https://www.tenable.com/blog/zoom-patches-multiple-flaws-and-responds-to-security-and-privacy-concerns
- https://www.tenable.com/blog/cve-2020-8467-cve-2020-8468-vulnerabilities-in-trend-micro-apex-one-and-officescan-exploited-in
Tenable Research Blogs
- https://medium.com/tenable-techblog/pi-sniffers-travels-a0db63c1434a
- https://medium.com/tenable-techblog/targeting-a-macos-application-update-your-path-traversal-lists-a1055959a75a
- https://medium.com/tenable-techblog/more-medical-record-security-flaws-81759f673a0
Follow the Security Response Team on the Tenable Community.
Hello EternalDarkness, My New Friend
On this episode, we talk about Microsoft’s Patch Tuesday for March which covered a whopping 115 vulnerabilities! However, CVE-2020-0796 stole the show. Satnam walks us through the vulnerability, how it compares to EternalBlue and what practitioners need to know. Giuliana Carullo from the Tenable Vulnerability Database team also joined us to continue the conversation about automation and how her team models the vulnerability landscape.
- Listen:
Show Notes
Recent SRT Blogs
- https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block
- https://www.tenable.com/blog/microsoft-s-march-2020-patch-tuesday-addresses-115-cves-including-58-elevation-of-privilege
- https://www.tenable.com/blog/cve-2020-10189-deserialization-vulnerability-in-zoho-manageengine-desktop-central-10-patched
- https://www.tenable.com/blog/cve-2020-8597-buffer-overflow-vulnerability-in-point-to-point-protocol-daemon-pppd
- https://www.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-execution
- https://www.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wild
- https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
- https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild
Apply to work on the Tenable Vulnerability Database team.
Follow the Security Response Team on the Tenable Community.
Automating Vulnerability Intelligence Feeds the Right Way
On this episode, we talk about February’s Patch Tuesday, the release of a PoC for CVE-2020-0618, and exploitation of a vulnerability in the ThemeGrill Demo Importer plugin for WordPress. We also speak with Ryan Hoy about the Vulnerability Intelligence Feeds and the work his team does developing and improved the plugin automation framework.
Catch Tenable Researchers presenting at BSides Tampa on February 29.
- Listen:
Show Notes
Recent SRT Blogs:
- https://www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0
- https://www.tenable.com/blog/themegrill-demo-importer-vulnerability-actively-exploited-in-the-wild
- https://www.tenable.com/blog/microsoft-s-february-2020-patch-tuesday-addresses-99-cves-including-internet-explorer-zero-day
- https://www.tenable.com/blog/cdpwn-cisco-discovery-protocol-vulnerabilities-disclosed-by-researchers
Primary Research
The Tenable Tech Blog on Medium
- https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
- https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023
Follow the Security Response Team on the Tenable Community.
About the
Tenable Research Podcast
Join members of Tenable Research for a discussion about the latest vulnerabilities, exploits and cyber threats. Analysis, insights and guidance for information security and IT professionals who want to stay in the know.
About
Your Hosts
Claire Tills is a product marketing manager for Nessus and Tenable Research. She is responsible for translating the work of the Tenable Research teams and Nessus product into insight and guidance for the information security community. Before joining Tenable, Claire worked for the FS-ISAC upon receiving a Master’s degree in communication, with a focus on information security.
Satnam Narang joined Tenable in 2018 as a Senior Security Response Manager. He has over 14 years experience in the industry (M86 Security and Symantec). He contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He's appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.