Security Research in 2020
December 10 · 52 minutes
We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam breaks down the latest vulnerability news for us.
Show References
- Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
- Cloudflare’s Blog Post on SAD DNS
- CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
- CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
- Spam warning on Cash Ash
- COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times
- PsExec Local Privilege Escalation
- Hacking in Among Us
- TP-Link Takeover with a Flash Drive
- Inside Amazon’s Ring Alarm System
Follow along for more from Tenable Research:
- Research Podcast
- Tenable Vulnerability Management