Tenable Research
Podcast

The recent Binding Operational Directive from CISA will see a number of U.S. government departments receive better instruction on which vulnerabilities need to be patched, and to do so within a six month time frame.

On this episode of the Tenable Research podcast, we look at what the vulnerabilities are, how they are determined, who is affected and what this could mean for other governments around the world, and other businesses also.

• Listen
• 
• 
• 
• 

Show References

• Binding Operational Directive 22-01 
• CISA Directive 22-01: How Tenable Can Help You Find and Fix Known Exploited Vulnerabilities 
• https://cyber.dhs.gov/bod/22-01/
• How Risk-Based Vulnerability Management Helps You Effectively Address CISA’s Binding Operational Directive 22-01

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

This month we look at patches from Apache and VMware, an example of very rapid response to a researcher’s findings, and another quiet month from Microsoft’s Patch Tuesday, with guests Claire Tills and Satnam Narang from Tenable's Security Response Team.

• Listen:
• 
• 
• 
• 

Show References

• CVE-2021-22005: Critical File Upload Vulnerability in VMware vCenter Server
• CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
• Microsoft’s October 2021 Patch Tuesday Addresses 74 CVEs (CVE-2021-40449)
• CVE-2021-34527: Microsoft Releases Out-of-Band Patch for PrintNightmare Vulnerability in Windows Print Spooler
• CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability
• The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
• Finding Proxylogon and Related Microsoft Exchange Vulnerabilities: How Tenable Can Help

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

On this edition of the Research podcast, we talk to Satnam Narang and Claire Tills about the Security Response Team’s recent research blog around SSL VPN vulnerabilities. That blog looked back at how three particular flaws in major VPNs are frequently exploited, so we look at when these vulnerabilities were disclosed, what the impact of them are, who has been attempting to exploit them and who the targets have been.

• Listen:
• 
• 
• 
• 

Show References

• Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs 
• Zero-Day Vulnerability in SonicWall Secure Mobile Access (SMA) Exploited in the Wild 

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

As the first major security conference prepares to take place, Tenable's chief security strategist Nathan Wenzler talks to Dan Raywood about what the conference scene could look like going forward, what people can expect from the experience and what virtual and in person delegates will be looking to gain from attending.

• Listen:
• 
• 
• 
• 

Welcome back to the Tenable Research Podcast. In this new episode we look back at June’s Microsoft patches, and ask Tenable senior research engineer Satnam Narang what he feels the reasons are for the number of patches generally decreasing both monthly and annually.

We are also joined by director of product management Ray Carney, as we look into the increase of ransomware in 2021, what have been the causes of this increase, and what the threat landscape looks like currently.

• Listen:
• 
• 
• 
• 
• 

Show References

• Microsoft’s June 2021 Patch Tuesday Addresses 49 CVEs (CVE-2021-31955, CVE-2021-31956 and CVE-2021-33742)
• CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

On this episode, we talk about November Patch Tuesday - Satnam highlights some of the vulnerabilities and we discuss the new, limited format for the advisories from Microsoft. Our guest this month is Grant Dobbe who gives us a crash course on compliance benchmarks and how to pick the right one for you. The key lesson: don’t try to put a jet engine on a Cessna.

• Listen:
• 
• 
• 
• 

Show References

• Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
• Webinar: Ramp-Up Your Response to Latest State Sponsored Attacks
• Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
• CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the Wild
• Google patches two more Chrome zero-days
• Apple patches iOS against 3 actively exploited 0-days found by Google
• Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates
• CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
• Oracle Security Alert Advisory - CVE-2020-14750 (Out-of-Band)
• CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-Day
• CVE-2020-27615: SQL Injection Vulnerability in WordPress Loginizer Plugin Affected Over One Million Sites
• CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed
• Webinar: How to Unlock the Security Benefits of the CIS Benchmarks
• CIS Benchmarks
• DISA STIGs
• STIG Viewer
• Single Check Audits on Github
• Github: Audit file for CVE-2020-14871

Tenable Research Podcast Musical References

We kick things off with this month’s vulnerability news as well as some primary research Satnam has done into questionable advertisements on TikTok. Then, we speak with Justin Brown about the joys of audit and compliance. Specifically, he talks about how his team works to develop and improve over 100,000 configuration checks.

• Listen:
• 
• 
• 
• 

Show References

• Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs
• Critical Vulnerability in File Manager WordPress Plugin Exploited in the Wild
• CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild
• CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin
• CVE-2019-0230: Apache Struts Potential Remote Code Execution Vulnerability
• TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services


Edge Week Agenda

Satnam starts us off with a veritable parade of vulnerabilities maxing out CVSS severity. Ripple20, PAN OS, BIG-IP, SIGRed, RECON - lots to cover and Satnam breaks it all down for us. As a bit of a palate cleanser, we talk to Tony Huffman and Tyler Coumbes about how Threat Automation works in products.

• Listen:
• 
• 
• 
• 

Show References

• https://www.tenable.com/blog/cve-2020-11896-cve-2020-11897-cve-2020-11901-ripple20-zero-day-vulnerabilities-in-treck-tcpip
• https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass
• https://twitter.com/RyanLNewington/status/1278074919092289537?s=20 
• https://www.tenable.com/blog/cve-2017-7391-vulnerability-in-magento-mass-import-magmi-plugin-exploited-in-the-wild
• https://www.tenable.com/blog/cve-2020-5902-critical-vulnerability-in-f5-big-ip-traffic-management-user-interface-tmui
• https://www.tenable.com/blog/cve-2020-6287-critical-vulnerability-in-sap-netweaver-application-server-java-disclosed-recon
• https://www.tenable.com/blog/microsoft-s-july-2020-patch-tuesday-addresses-123-cves-including-wormable-windows-dns-server
• https://www.tenable.com/blog/cve-2020-1350-wormable-remote-code-execution-vulnerability-in-windows-dns-server-sigred
• https://www.tenable.com/blog/tenable-research-discloses-multiple-vulnerabilities-in-plex-media-server

Tenable Research on Medium - https://medium.com/tenable-techblog

Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.

• Listen:
• 
• 
• 

Show Notes

• SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/
• Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/
• WAS SSL/TLS plugins - https://www.tenable.com/plugins/was/families/SSL%2FTLS 

Recently from Research:

• https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app 
• https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves
• https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research
• https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability
• https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187
• https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
• https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution
• https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild
• https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild
• https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx
• https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5
• https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9

Follow the Security Response Team on the Tenable Community.

On this episode, we talk about Microsoft’s Patch Tuesday for March which covered a whopping 115 vulnerabilities! However, CVE-2020-0796 stole the show. Satnam walks us through the vulnerability, how it compares to EternalBlue and what practitioners need to know. Giuliana Carullo from the Tenable Vulnerability Database team also joined us to continue the conversation about automation and how her team models the vulnerability landscape.

• Listen:
• 
• 
• 

Show Notes

Recent SRT Blogs

• https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block
• https://www.tenable.com/blog/microsoft-s-march-2020-patch-tuesday-addresses-115-cves-including-58-elevation-of-privilege
• https://www.tenable.com/blog/cve-2020-10189-deserialization-vulnerability-in-zoho-manageengine-desktop-central-10-patched
• https://www.tenable.com/blog/cve-2020-8597-buffer-overflow-vulnerability-in-point-to-point-protocol-daemon-pppd
• https://www.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-execution
• https://www.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wild
• https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
• https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild

Apply to work on the Tenable Vulnerability Database team.

Follow the Security Response Team on the Tenable Community.