Tenable
Podcasts

In this episode Bill and Gavin discuss Nessus on Raspberry Pi, which unfortunately didn't make it through the rigorous testing processes, and the top vulnerabilities you should be patching to secure the remote workforce.

• Tenable Solution Center: Protecting Your Remote Workforce
• How COVID-19 Response Is Expanding the Cyberattack Surface

Also apologies if we offend anyone this week, we might be going a tad stir crazy which is affecting our (Gavin's) filter somewhat.

• Listen:
• 
• 
• 
• 

On this episode, we talk about Microsoft’s Patch Tuesday for March which covered a whopping 115 vulnerabilities! However, CVE-2020-0796 stole the show. Satnam walks us through the vulnerability, how it compares to EternalBlue and what practitioners need to know. Giuliana Carullo from the Tenable Vulnerability Database team also joined us to continue the conversation about automation and how her team models the vulnerability landscape.

• Listen:
• 
• 
• 

Show Notes

Recent SRT Blogs

• https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block
• https://www.tenable.com/blog/microsoft-s-march-2020-patch-tuesday-addresses-115-cves-including-58-elevation-of-privilege
• https://www.tenable.com/blog/cve-2020-10189-deserialization-vulnerability-in-zoho-manageengine-desktop-central-10-patched
• https://www.tenable.com/blog/cve-2020-8597-buffer-overflow-vulnerability-in-point-to-point-protocol-daemon-pppd
• https://www.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-execution
• https://www.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wild
• https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
• https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild

Apply to work on the Tenable Vulnerability Database team.

Follow the Security Response Team on the Tenable Community.

On this episode, we talk about February’s Patch Tuesday, the release of a PoC for CVE-2020-0618, and exploitation of a vulnerability in the ThemeGrill Demo Importer plugin for WordPress. We also speak with Ryan Hoy about the Vulnerability Intelligence Feeds and the work his team does developing and improved the plugin automation framework.

Catch Tenable Researchers presenting at BSides Tampa on February 29.

• Listen:
• 
• 
• 

Show Notes

Recent SRT Blogs:

• https://www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0
• https://www.tenable.com/blog/themegrill-demo-importer-vulnerability-actively-exploited-in-the-wild
• https://www.tenable.com/blog/microsoft-s-february-2020-patch-tuesday-addresses-99-cves-including-internet-explorer-zero-day
• https://www.tenable.com/blog/cdpwn-cisco-discovery-protocol-vulnerabilities-disclosed-by-researchers

Primary Research

• https://www.tenable.com/blog/cryptocurrency-scams-fake-giveaways-impersonate-followers-of-political-and-other-notable 

The Tenable Tech Blog on Medium

• https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
• https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023

Follow the Security Response Team on the Tenable Community.