Security Research in 2020
Tenable Research Podcast
English - December 10, 2020 13:00 - 52 minutes - 35.9 MBTechnology News Tech News Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam Narang breaks down the latest vulnerability news for us.
Show References:
Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
Cloudflare’s Blog Post on SAD DNS
CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
Spam warning on Cash Ash
Zero Day Research
COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times
PsExec Local Privilege Escalation
Hacking in Among Us
TP-Link Takeover with a Flash Drive
Inside Amazon’s Ring Alarm System
Follow along for more from Tenable Research:
Subscribe to the blog
Follow Tenable’s Zero Day team on Medium
Tenable Research Podcast Musical References