Tenable
Podcasts

We kick things off with this month’s vulnerability news as well as some primary research Satnam has done into questionable advertisements on TikTok. Then, we speak with Justin Brown about the joys of audit and compliance. Specifically, he talks about how his team works to develop and improve over 100,000 configuration checks.

• Listen:
• 
• 
• 
• 

Show References

• Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs
• Critical Vulnerability in File Manager WordPress Plugin Exploited in the Wild
• CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild
• CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin
• CVE-2019-0230: Apache Struts Potential Remote Code Execution Vulnerability
• TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services


Edge Week Agenda

Satnam starts us off with a veritable parade of vulnerabilities maxing out CVSS severity. Ripple20, PAN OS, BIG-IP, SIGRed, RECON - lots to cover and Satnam breaks it all down for us. As a bit of a palate cleanser, we talk to Tony Huffman and Tyler Coumbes about how Threat Automation works in products.

• Listen:
• 
• 
• 
• 

Show References

• https://www.tenable.com/blog/cve-2020-11896-cve-2020-11897-cve-2020-11901-ripple20-zero-day-vulnerabilities-in-treck-tcpip
• https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass
• https://twitter.com/RyanLNewington/status/1278074919092289537?s=20 
• https://www.tenable.com/blog/cve-2017-7391-vulnerability-in-magento-mass-import-magmi-plugin-exploited-in-the-wild
• https://www.tenable.com/blog/cve-2020-5902-critical-vulnerability-in-f5-big-ip-traffic-management-user-interface-tmui
• https://www.tenable.com/blog/cve-2020-6287-critical-vulnerability-in-sap-netweaver-application-server-java-disclosed-recon
• https://www.tenable.com/blog/microsoft-s-july-2020-patch-tuesday-addresses-123-cves-including-wormable-windows-dns-server
• https://www.tenable.com/blog/cve-2020-1350-wormable-remote-code-execution-vulnerability-in-windows-dns-server-sigred
• https://www.tenable.com/blog/tenable-research-discloses-multiple-vulnerabilities-in-plex-media-server

Tenable Research on Medium - https://medium.com/tenable-techblog

We kick things off this episode talking to David Wells about his work with the Zero Day Research Team. He tells about recent bugs he’s found in Signal and an interesting bypass method for User Account Control in Windows. Then we hear from Satnam Narang about the latest vulnerabilities and patches (spoiler: there’s a lot of ghosts and SMB).

• Listen:
• 
• 
• 

Show References

• https://www.tenable.com/blog/microsoft-s-june-2020-patch-tuesday-addresses-129-cves-including-newly-disclosed-smbv3
• https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smblost-cve-2020-1301-vulnerabilities-affect-microsoft-smbv3-and
• https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
• https://medium.com/tenable-techblog/multiple-vulnerabilities-in-tcexam-f6ae38c6fb8a
• https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447
• https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b
• https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e

Tenable Research on Medium - https://medium.com/tenable-techblog