35 min

Security Advisories: the Good, the Bad, and the Weird Tenable Research Podcast

    • Technology

This month, Luke Tamagna-Darr is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are leveraging bugs together in attacks.

Show References:
Writing Security Advisories: 5 Best Practices For Vendors
Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller
CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager
Tenable Research Spotify Playlist

This month, Luke Tamagna-Darr is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are leveraging bugs together in attacks.

Show References:
Writing Security Advisories: 5 Best Practices For Vendors
Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller
CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager
Tenable Research Spotify Playlist

35 min

Top Podcasts In Technology

Lex Fridman Podcast
Lex Fridman
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
No Priors: Artificial Intelligence | Machine Learning | Technology | Startups
Conviction | Pod People
BG2Pod with Brad Gerstner and Bill Gurley
BG2Pod
Acquired
Ben Gilbert and David Rosenthal
Hard Fork
The New York Times