Our guest this month is Luke Tamagna-Darr and he tells us about some of the automation projects his team is working on, including predicting CVSS vectors when they are missing from vulnerability descriptions. As always, Satnam walks us through the latest vulnerability news as well as the work Tenable Research has done to identify devices impacted by Ripple20.

Show References

Microsoft’s August 2020 Patch Tuesday Addresses 120 CVEs (CVE-2020-1337)

Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed

Ripple20: More Vulnerable Devices Discovered, Including New Vendors

CVE-2020-10713: “BootHole” GRUB2 Bootloader Arbitrary Code Execution Vulnerability

CVE-2020-3452: Cisco Adaptive Security Appliance and Firepower Threat Defense Path Traversal Vulnerability

Satnam starts us off with a veritable parade of vulnerabilities maxing out CVSS severity. Ripple20, PAN OS, BIG-IP, SIGRed, RECON - lots to cover and Satnam breaks it all down for us. As a bit of a palate cleanser, we talk to Tony Huffman and Tyler Coumbes about how Threat Automation works in products.

Show References

CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed

CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability

https://twitter.com/RyanLNewington/status/1278074919092289537?s=20 

CVE-2017-7391: Vulnerability in Magento Mass Import (MAGMI) Plugin Exploited in the Wild

CVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) Actively Exploited

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server JAVA Disclosed (RECON)

Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)

CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed)

Tenable Research Discloses Multiple Vulnerabilities in Plex Media Server 

We kick things off this episode talking to David Wells about his work with the Zero Day Research Team. He tells about recent bugs he’s found in Signal and an interesting bypass method for User Account Control in Windows. Then we hear from Satnam Narang about the latest vulnerabilities and patches (spoiler: there’s a lot of ghosts and SMB).

Show References:

https://www.tenable.com/blog/microsoft-s-june-2020-patch-tuesday-addresses-129-cves-including-newly-disclosed-smbv3

https://www.tenable.com/blog/smbleed-cve-2020-1206-and-smblost-cve-2020-1301-vulnerabilities-affect-microsoft-smbv3-and

https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of

https://medium.com/tenable-techblog/multiple-vulnerabilities-in-tcexam-f6ae38c6fb8a

https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447

https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b

https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e

Tenable Research on Medium - https://medium.com/tenable-techblog

Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.

Show References:
SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/
Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/
WAS SSL/TLS plugins - https://staging.tenable.com/plugins/was/families/SSL%2FTLS

Recently from Research:
https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app 
https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves
https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research
https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability
https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution
https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild
https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild
https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx
https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5
https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9

Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts

Once again, we’re talking about Microsoft Patch Tuesday, this time with the added bonus of a record-breaking Oracle Critical Patch Update. All told, the releases covered 563 CVEs! Satnam Narang discusses vulnerabilities in VMware vCenter and Zoom, as well as some primary research the SRT has done about protecting the remote workforce. Our guests this episode are Jesus Galan, Research Manager of Vulnerability Detection and Greg Betz, Research Manager for Asset Competitiveness. They joined us to talk about OS fingerprinting.

Recent SRT Blogs

https://www.tenable.com/blog/oracle-april-2020-critical-patch-update-includes-record-breaking-397-security-updates 

https://www.tenable.com/blog/microsoft-april-2020-patch-tuesday-addresses-113-cves-including-adobe-type-manager-library 

https://www.tenable.com/blog/cve-2020-3952-sensitive-information-disclosure-in-vmware-vcenter-server-vmsa-2020-0006

https://www.tenable.com/blog/cve-2020-6819-cve-2020-6820-critical-mozilla-firefox-zero-day-vulnerabilities-exploited-in-wild

https://www.tenable.com/blog/zoom-patches-multiple-flaws-and-responds-to-security-and-privacy-concerns

https://www.tenable.com/blog/cve-2020-8467-cve-2020-8468-vulnerabilities-in-trend-micro-apex-one-and-officescan-exploited-in

Tenable Research Blogs

https://medium.com/tenable-techblog/pi-sniffers-travels-a0db63c1434a 

https://medium.com/tenable-techblog/targeting-a-macos-application-update-your-path-traversal-lists-a1055959a75a

https://medium.com/tenable-techblog/more-medical-record-security-flaws-81759f673a0 

Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts

On this episode, we talk about Microsoft’s Patch Tuesday for March which covered a whopping 115 vulnerabilities! However, CVE-2020-0796 stole the show. Satnam walks us through the vulnerability, how it compares to EternalBlue and what practitioners need to know. Giuliana Carullo from the Tenable Vulnerability Database team also joined us to continue the conversation about automation and how her team models the vulnerability landscape.

Recent SRT Blogs

https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block

https://www.tenable.com/blog/microsoft-s-march-2020-patch-tuesday-addresses-115-cves-including-58-elevation-of-privilege

https://www.tenable.com/blog/cve-2020-10189-deserialization-vulnerability-in-zoho-manageengine-desktop-central-10-patched

https://www.tenable.com/blog/cve-2020-8597-buffer-overflow-vulnerability-in-point-to-point-protocol-daemon-pppd

https://www.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-execution

https://www.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wild

https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild

Apply to work on the Tenable Vulnerability Database team

https://careers.tenable.com/jobs/software-engineer-automation-python-columbia-maryland-united-states-32b2ddc4-5a2c-4317-b349-afd4db64210d

Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts

On this episode, we talk about February’s Patch Tuesday, the release of a PoC for CVE-2020-0618, and exploitation of a vulnerability in the ThemeGrill Demo Importer plugin for WordPress. We also speak with Ryan Hoy about the Vulnerability Intelligence Feeds and the work his team does developing and improved the plugin automation framework.

Catch Tenable Researchers presenting at BSides Tampa on February 29.

Recent SRT blog posts:

https://www.tenable.com/blog/cve-2020-0618-proof-of-concept-for-microsoft-sql-server-reporting-services-vulnerability-0

https://www.tenable.com/blog/themegrill-demo-importer-vulnerability-actively-exploited-in-the-wild

https://www.tenable.com/blog/microsoft-s-february-2020-patch-tuesday-addresses-99-cves-including-internet-explorer-zero-day

https://www.tenable.com/blog/cdpwn-cisco-discovery-protocol-vulnerabilities-disclosed-by-researchers 

Primary Research

https://www.tenable.com/blog/cryptocurrency-scams-fake-giveaways-impersonate-followers-of-political-and-other-notable

The Tenable Tech Blog on Medium

https://medium.com/tenable-techblog/bypass-windows-10-user-group-policy-and-more-with-this-one-weird-trick-552d4bc5cc1b?source=collection_home---4------0-----------------------

https://medium.com/tenable-techblog/exploiting-jira-for-host-discovery-43be3cddf023

Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts