Sign up to save your podcasts
Or
Share What's the deal with Web App Scanning?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
What's the deal with Web App Scanning?
Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.
Show References:
SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/
Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/
WAS SSL/TLS plugins - https://staging.tenable.com/plugins/was/families/SSL%2FTLS
Recently from Research:
https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app
https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves
https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research
https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability
https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution
https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild
https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild
https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx
https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5
https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9
Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts
View all episodes
By Tenable Research
5
33 ratings
Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.
Show References:
SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/
Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/
WAS SSL/TLS plugins - https://staging.tenable.com/plugins/was/families/SSL%2FTLS
Recently from Research:
https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app
https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves
https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research
https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability
https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187
https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution
https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild
https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild
https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx
https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5
https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9
Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts