Tenable
Podcasts

Welcome back to the Tenable Research Podcast. In this new episode we look back at June’s Microsoft patches, and ask Tenable senior research engineer Satnam Narang what he feels the reasons are for the number of patches generally decreasing both monthly and annually.

We are also joined by director of product management Ray Carney, as we look into the increase of ransomware in 2021, what have been the causes of this increase, and what the threat landscape looks like currently.

• Listen:
• 
• 
• 
• 
• 

Show References

• Microsoft’s June 2021 Patch Tuesday Addresses 49 CVEs (CVE-2021-31955, CVE-2021-31956 and CVE-2021-33742)
• CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution

Follow along for more from Tenable Research:

• Subscribe to the blog
• Follow Tenable’s Zero Day team on Medium

It was a long summer and fall months; nevertheless, we are back at it. This is the "lost" episode and final for 2020. We will try to be more regular in 2021.Happy New Year! & Stay Safe!In this episode, Gavin and I discuss what we have been up to over the last several months as we'll discuss some major improvements/innovations here at Tenable.

• Listen:
• 
• 
• 

Show notes:

• Cyber Exposure Alerts

This month, Luke is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are actually leveraging bugs in real attacks.

• Listen:
• 
• 
• 
• 

Show References

• Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
• CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller
• CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
• US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
• CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
• Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
• CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager
• Tenable Research Spotify Playlist