We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam Narang breaks down the latest vulnerability news for us.

Show References:

Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
Cloudflare’s Blog Post on SAD DNS
CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
Spam warning on Cash Ash

Zero Day Research
COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times
PsExec Local Privilege Escalation
Hacking in Among Us
TP-Link Takeover with a Flash Drive
Inside Amazon’s Ring Alarm System

Follow along for more from Tenable Research:
Subscribe to the blog
Follow Tenable’s Zero Day team on Medium
Tenable Research Podcast Musical References