Tenable Research Podcast
Tenable Research
All episodes
Best episodes
Seasons
Top 10 Tenable Research Podcast Episodes
Goodpods has curated a list of the 10 best Tenable Research Podcast episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to Tenable Research Podcast for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Tenable Research Podcast episode by adding your comments to the episode page.
Benchmarks and You: Making the Right Match
Tenable Research Podcast
11/13/20 • 50 min
On this episode, we talk about November Patch Tuesday - Satnam highlights some of the vulnerabilities and we discuss the new, limited format for the advisories from Microsoft. Our guest this month is Grant Dobbe who gives us a crash course on compliance benchmarks and how to pick the right one for you. The key lesson: don’t try to put a jet engine on a Cessna.
Show References:
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
Webinar: Ramp-Up Your Response to Latest State Sponsored Attacks
Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the Wild
Google patches two more Chrome zero-days
Apple patches iOS against 3 actively exploited 0-days found by Google
Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates
CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
Oracle Security Alert Advisory - CVE-2020-14750 (Out-of-Band)
CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-Day
CVE-2020-27615: SQL Injection Vulnerability in WordPress Loginizer Plugin Affected Over One Million Sites
CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed
Webinar: How to Unlock the Security Benefits of the CIS Benchmarks
CIS Benchmarks
DISA STIGs
STIG Viewer
Single Check Audits on Github
Github: Audit file for CVE-2020-14871
Research Alliance Program - Shared Intelligence and Insight
Tenable Research Podcast
11/08/22 • 30 min
This month we talked to Tenable’s director of research product management Ray Carney and Eric Hoffman, director of partnerships and alliances at Greynoise, about the formation of a new research alliance program.
Announced in mid October, this is intended to facilitate collaboration and information sharing between industry partners, and support best-practice coordinated vulnerability disclosure in order to promote increased cooperation in order to reduce an attacker's free time.
Follow along for more from Tenable Research:
What is Exposed Externally That You’re Unaware Of, What Can Attackers See - and How to Manage Your Exposure
Tenable Research Podcast
10/03/22 • 40 min
After we discussed the concept of Exposure Management on our last podcast, this time we welcome back Tenable’s senior principal security advocate Nathan Wenzler to discuss the concept of how you can determine your level of exposure, what has led to this level of vulnerability, and what options are available to you to better manage this.
Follow along for more from Tenable Research:
Understanding and Achieving Exposure Management
Tenable Research Podcast
09/13/22 • 35 min
The concept of Exposure Management has become more and more prominent in recent months, as users understand how much they are exposed to attack, how they can protect their assets and what it takes to achieve a level of compliance.
In this podcast, we talk with Tenable’s senior principal security advocate Nathan Wenzler about the concept of Exposure Management, what it is, and what businesses need to do to adopt it.
Follow along for more from Tenable Research:
Reviewing 90 Day Responsible Disclosure Policies in 2022
Tenable Research Podcast
08/24/22 • 33 min
In the field of responsible disclosure, a policy of 90 days to publicly disclose vulnerabilities has been created by industry. This time period should allow the researcher to disclose the vulnerability to the recipient company, giving them time to push a fix out before the original flaw can be announced.
However are we in a time where this time period still works? Some vulnerabilities can be fixed fairly rapidly as we work in cloud environments, while others can be more challenging to fix - such as in OT. We talked to Tenable’s Ivan Belyna and Nick Miles about the evolution of the 90 day policy, and its present and future, and what use advanced disclosure is to security leaders and to the wider industry.
Show References
Follow along for more from Tenable Research:
Unsophisticated Extortion - Reflecting on the LAPSUS$ Group
Tenable Research Podcast
07/29/22 • 22 min
In the first few months of 2022, the LAPSUS$ Group made a major splash in the cybersecurity headlines as it conducted a series of attacks on the likes of Nvidia, Microsoft and Okta. However a few months later, they had disappeared and arrests were reported soon afterwards.
In a new blog, Tenable’s senior research engineer Claire Tills looked at the efforts of LAPSUS$ and what its motivations were, and how it is viewed now, and joins us on this podcast to discuss the extortion group further.
Show References
- Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group
- Ransomware Ecosystem White Paper Download Page
- Blog on Understanding the Ransomware Ecosystem
- Webinar on the Ransomware Ecosystem report
- BBC News - Oxford teen accused of being multi-millionaire cyber-criminal
- Bleeping Computer news report on Okta attack
Follow along for more from Tenable Research:
Understanding the Ransomware Ecosystem
Tenable Research Podcast
07/08/22 • 28 min
Beyond the success of its impact, a lucrative criminal ecosystem has been developed for ransomware. This has seen ransomware-as-a-service (RaaS) creating an ecosystem utilizing multiple players, while the concept of double extortion has emerged, which involves exfiltrating data from victim organizations and publishing teasers about these breaches on the dark web.
In this new edition of the Tenable Research podcast, we talk with senior staff research engineer Satnam Narang about a new white paper which explores the working of this ecosystem, how it works and what the economics of the model are.
Show References
- Ransomware Ecosystem White Paper Download Page
- Blog on Understanding the Ransomware Ecosystem
- Webinar on the Ransomware Ecosystem report
- ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware
Follow along for more from Tenable Research:
BIG-IP and Microsoft Fixes and AWS Hot Patches
Tenable Research Podcast
05/23/22 • 23 min
This month we talk to Tenable research manager Scott Caveza about three recent patching stories, where F5 and Microsoft offered fixes in a regular cycle, and how Amazon Web Services released hot patches to repair earlier vulnerabilities in fixes for Log4J.
Follow along for more from Tenable Research
The State of OT Security, a Year Since Colonial Pipeline
Tenable Research Podcast
05/13/22 • 35 min
On this edition of the podcast, we look at the conversation around operational technology (OT) and attacks on critical infrastructure, as we mark a year since the Colonial Pipeline incident. We’re joined by Tenable’s VP of operational technology Marty Edwards to talk about lessons learned, what work there is still to be done by practitioners, industry and researchers, and where the problems remain.
Tenable blog - Securing Critical Infrastructure its Complicated
Video of the Homeland Security Committee
NCSC blog on Cyber Assessment Framework
Follow along for more from Tenable Research:
Security Research in 2020
Tenable Research Podcast
12/10/20 • 52 min
We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam Narang breaks down the latest vulnerability news for us.
Show References:
Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
Cloudflare’s Blog Post on SAD DNS
CVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat Actors
CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
Spam warning on Cash Ash
Zero Day Research
COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times
PsExec Local Privilege Escalation
Hacking in Among Us
TP-Link Takeover with a Flash Drive
Inside Amazon’s Ring Alarm System
Follow along for more from Tenable Research:
Subscribe to the blog
Follow Tenable’s Zero Day team on Medium
Tenable Research Podcast Musical References
Show more best episodes
Show more best episodes
FAQ
How many episodes does Tenable Research Podcast have?
Tenable Research Podcast currently has 37 episodes available.
What topics does Tenable Research Podcast cover?
The podcast is about News, Tech News, Podcasts and Technology.
What is the most popular episode on Tenable Research Podcast?
The episode title 'What is Exposed Externally That You’re Unaware Of, What Can Attackers See - and How to Manage Your Exposure' is the most popular.
What is the average episode length on Tenable Research Podcast?
The average episode length on Tenable Research Podcast is 36 minutes.
How often are episodes of Tenable Research Podcast released?
Episodes of Tenable Research Podcast are typically released every 23 days, 2 hours.
When was the first episode of Tenable Research Podcast?
The first episode of Tenable Research Podcast was released on Feb 21, 2020.
Show more FAQ
Show more FAQ