Security Advisories: the Good, the Bad, and the Weird
Oct 16 · 35 minutes
This month, Luke is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are actually leveraging bugs in real attacks.
Show References
- Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
- CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller
- CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
- US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
- CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices Disclosed
- Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
- CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager
- Tenable Research Spotify Playlist
- Research Podcast
- Tenable Vulnerability Management