Tenable Research
Podcast

After we discussed the concept of Exposure Management on our last podcast, this time we welcome back Tenable’s senior principal security advocate Nathan Wenzler to discuss the concept of how you can determine your level of exposure, what has led to this level of vulnerability, and what options are available to you to better manage this.

• Listen:
• 
• 
• 
• 

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable's Zero Day team on Medium

In the field of responsible disclosure, a policy of 90 days to publicly disclose vulnerabilities has been created by industry. This time period should allow the researcher to disclose the vulnerability to the recipient company, giving them time to push a fix out before the original flaw can be announced.

However are we in a time where this time period still works? Some vulnerabilities can be fixed fairly rapidly as we work in cloud environments, while others can be more challenging to fix - such as in OT. We talked to Tenable’s Ivan Belyna and Nick Miles about the evolution of the 90 day policy, and its present and future, and what use advanced disclosure is to security leaders and to the wider industry. 

• Listen:
• 
• 
• 
• 

Show References

• Tales of Zero-Day Disclosure white paper 

•  2020 Podcast with Tenable's Zero-Day Team

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable's Zero Day team on Medium

Beyond the success of its impact, a lucrative criminal ecosystem has been developed for ransomware. This has seen ransomware-as-a-service (RaaS) creating an ecosystem utilizing multiple players, while the concept of double extortion has emerged, which involves exfiltrating data from victim organizations and publishing teasers about these breaches on the dark web.

In this new edition of the Tenable Research podcast, we talk with senior staff research engineer Satnam Narang about a new white paper which explores the working of this ecosystem, how it works and what the economics of the model are.

• Listen:
• 
• 
• 
• 

Show References

• White Paper Download Page
• Blog on Understanding the Ransomware Ecosystem
• Webinar on the Ransomware Ecosystem report
• ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable's Zero Day team on Medium

On this edition of the podcast, we look at the conversation around operational technology (OT) and attacks on critical infrastructure, as we mark a year since the Colonial Pipeline incident.

We're joined by Tenable's VP of operational technology Marty Edwards to talk about lessons learned, what work there is still to be done by practitioners, industry and researchers, and where the problems remain.

• Listen:
• 
• 
• 
• 

Show References

• Tenable blog - Securing Critical Infrastructure its Complicated 
• Amit Yoran Testimony
• Video of the Homeland Security Committee
• Joint Cybersecurity Advisory
• CBS News 60 Minutes Report 
• NCSC blog on Cyber Assessment Framework 

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable's Zero Day team on Medium

Have you ever sat in the audience at a conference, watched a video of a presentation, or listened to an interview on a podcast or TV, and seen a researcher and thought ‘how do I get to do that?’

Tenable now has a wide selection of researchers, covering security response, zero day research, audit and compliance and writing software plugins.

With more companies employing full time researchers now, we talked to two from Tenable about what the job entails, what you need to know to get hired, and what a typical day or week looks like. Joining this month are research senior managers Ivan Belyna and Jesus Garcia Galan.

• Listen:
• 
• 
• 
• 

Show References

• Research Jobs
• Tenable Careers 
• Tenable Research 

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable's Zero Day team on Medium

This month we talk to Renaud Deraison, outgoing CTO and a co-founder of Tenable, who talks . about his time developing Nessus from an open source scanner in 1998 to the development of Tenable over the past 20 years.

• Listen:
• 
• 
• 
• 

Show References

• Nessus Professional
• Tenable Research

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable's Zero Day team on Medium

As it is Black History Month in North America in February, we talked to the co-chairs of Black@Tenable, the diversity and inclusion group for African-American employees of Tenable, about the recognition of black leaders in technology, efforts to increase the hiring of people of color in cybersecurity, and how the industry is responding to that.

• Listen:
• 
• 
• 
• 

Show References

• Tenable Homepage
• Tenable Careers 
• Black History Month 

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

This month we take a look back at the impact of Log4J and how both the industry and Tenable were able to respond to this major incident that affected so many users globally. There are also fresh fixes from SonicWall and ZoHo for ManageEngine, and the final batch of patches from Microsoft as it rounds off a quieter year.

• Listen:
• 
• 
• 
• 

Show References

• Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell)
• Log4j Resource Page
• Log4J Tenable Webinar
• SonicWall Urges Users to Patch Several Vulnerabilities in Secure Mobile Access Products
• ZoHo Patches ManageEngine Zero-Day Exploited in the Wild
• Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

This time we’re joined by Tenable’s security strategist Sylvain Cortes, as we look at the types of attacks being targeted at Active Directory, how attackers look to get a foothold into enterprise networks by exploiting AD, and what steps you can take to better secure yourself and your AD environment.

• Listen:
• 
• 
• 
• 

Show References

• Active Directory is Now in the Ransomware Crosshairs 
• How to Protect Active Directory Against Ransomware Attacks
• How to Strengthen Active Directory and Prevent Ransomware Attacks 

This month we review new blogs from Tenable’s Security Response Team on a vulnerability in Atlassian’s Confluence Server, review what made cybersecurity say “OMIGOD” and look at another light load of patches from Microsoft. We also look at new research on remote working statistics, and look at technology investment and attack trends which were discovered.

• Listen:
• 
• 
• 
• 

Show References

• Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild
• Critical Flaw Leaves Azure Linux VMs Vulnerable to Remote Code Execution
• Microsoft’s September 2021 Patch Tuesday Addresses 60 CVEs
• Tenable and Forrester cyber risk report

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

This month we look at new blogs from Tenable’s security response team, including on a year of Zerologon, vulnerabilities in Microsoft Exchange Servers and Pulse Secure, and a widely spread flaw in wifi routers which could affect thousands of users globally.

• Listen:
• 
• 
• 
• 

Show References

• One Year Later: What Can We Learn from Zerologon? 
• Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs 
• Remote Code Execution Patch Bypass in Pulse Connect Secure 
• ProxyShell: Attackers Actively Scanning for Vulnerable Microsoft Exchange Servers 
• Bypassing Authentication on Arcadyan Routers with CVE-2021–20090 and rooting some Buffalo 

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

In this episode we talk to security researchers Claire Tills and Satnam Narang on a busy month in cybersecurity headlines, from an MSP facing a major ransomware situation, to Microsoft’s attempts to keep up with the PrintNightmare issue, and evaluating July’s bumper Patch Tuesday offering.

• Listen:
• 
• 
• 
• 
• 

Show References

• Multiple Zero-Day Vulnerabilities in Kaseya VSA Exploited to Distribute REvil Ransomware
• Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability
• Microsoft Releases Out-of-Band Patch for PrintNightmare Vulnerability in Windows Print Spooler
• Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam breaks down the latest vulnerability news for us.

• Listen:
• 
• 
• 
• 

Show References

• Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
• Cloudflare’s Blog Post on SAD DNS
• CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
• CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security
• Manager Disclosed
• Spam warning on Cash Ash
• COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability
• Response Times
• PsExec Local Privilege Escalation
• Hacking in Among Us
• TP-Link Takeover with a Flash Drive
• Inside Amazon’s Ring Alarm System

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium
• Tenable Research Podcast Musical References 

This month, Luke is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are actually leveraging bugs in real attacks.

• Listen:
• 
• 
• 
• 

Show References

• Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
• CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller
• CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
• US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
• CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
• Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
• CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager
• Tenable Research Spotify Playlist

Our guest this month is Luke Tamagna-Darr and he tells us about some of the automation projects his team is working on, including predicting CVSS vectors when they are missing from vulnerability descriptions. As always, Satnam walks us through the latest vulnerability news as well as the work Tenable Research has done to identify devices impacted by Ripple20.

• Listen:
• 
• 
• 

Show References

• Patch Tuesday (August 2020) - 120 CVEs, 17 Critical
• Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed
• Ripple20: More Vulnerable Devices Discovered, Including New Vendors
• CVE-2020-10713: “BootHole” GRUB2 Bootloader Arbitrary Code Execution Vulnerability
• CVE-2020-3452: Cisco Adaptive Security Appliance and Firepower Threat Defense Path Traversal Vulnerability

Tenable Research on Medium - https://medium.com/tenable-techblog

We kick things off this episode talking to David Wells about his work with the Zero Day Research Team. He tells about recent bugs he’s found in Signal and an interesting bypass method for User Account Control in Windows. Then we hear from Satnam Narang about the latest vulnerabilities and patches (spoiler: there’s a lot of ghosts and SMB).

• Listen:
• 
• 
• 

Show References

• https://www.tenable.com/blog/microsoft-s-june-2020-patch-tuesday-addresses-129-cves-including-newly-disclosed-smbv3
• https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smblost-cve-2020-1301-vulnerabilities-affect-microsoft-smbv3-and
• https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
• https://medium.com/tenable-techblog/multiple-vulnerabilities-in-tcexam-f6ae38c6fb8a
• https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447
• https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
• https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e

Tenable Research on Medium - https://medium.com/tenable-techblog

As per usual, we’re talking about Microsoft Patch Tuesday with the added bonus of a record-breaking Oracle Critical Patch Update. All told, the releases covered 563 CVEs! Satnam discusses vulnerabilities in VMware vCenter and Zoom, as well as some primary research the SRT has done about protecting the remote workforce. Our guests this episode are Jesus Galan, Research Manager of Vulnerability Detection and Greg Betz, Research Manager for Asset Competitiveness. They joined us to talk about OS fingerprinting.

• Listen:
• 
• 
• 

Show Notes

Recent SRT Blogs

• https://www.tenable.com/blog/oracle-april-2020-critical-patch-update-includes-record-breaking-397-security-updates 

• https://www.tenable.com/blog/microsoft-april-2020-patch-tuesday-addresses-113-cves-including-adobe-type-manager-library
• https://www.tenable.com/blog/cve-2020-3952-sensitive-information-disclosure-in-vmware-vcenter-server-vmsa-2020-0006
• https://www.tenable.com/blog/cve-2020-6819-cve-2020-6820-critical-mozilla-firefox-zero-day-vulnerabilities-exploited-in-wild
• https://www.tenable.com/blog/zoom-patches-multiple-flaws-and-responds-to-security-and-privacy-concerns
• https://www.tenable.com/blog/cve-2020-8467-cve-2020-8468-vulnerabilities-in-trend-micro-apex-one-and-officescan-exploited-in

Tenable Research Blogs

• https://medium.com/tenable-techblog/pi-sniffers-travels-a0db63c1434a 
• https://medium.com/tenable-techblog/targeting-a-macos-application-update-your-path-traversal-lists-a1055959a75a
• https://medium.com/tenable-techblog/more-medical-record-security-flaws-81759f673a0

Follow the Security Response Team on the Tenable Community.

On this episode, we talk about February’s Patch Tuesday, the release of a PoC for CVE-2020-0618, and exploitation of a vulnerability in the ThemeGrill Demo Importer plugin for WordPress. We also speak with Ryan Hoy about the Vulnerability Intelligence Feeds and the work his team does developing and improved the plugin automation framework.

Catch Tenable Researchers presenting at BSides Tampa on February 29.

• Listen:
• 
• 
• 

Show Notes

Recent SRT Blogs:

• https://www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0
• https://www.tenable.com/blog/themegrill-demo-importer-vulnerability-actively-exploited-in-the-wild
• https://www.tenable.com/blog/microsoft-s-february-2020-patch-tuesday-addresses-99-cves-including-internet-explorer-zero-day
• https://www.tenable.com/blog/cdpwn-cisco-discovery-protocol-vulnerabilities-disclosed-by-researchers

Primary Research

• https://www.tenable.com/blog/cryptocurrency-scams-fake-giveaways-impersonate-followers-of-political-and-other-notable 

The Tenable Tech Blog on Medium

• https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
• https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023

Follow the Security Response Team on the Tenable Community.