Research
What's the deal with Web App Scanning?
May 14 · 38 minutes
Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.
- Listen:
Show Notes
- SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/
- Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/
- WAS SSL/TLS plugins - https://www.tenable.com/plugins/was/families/SSL%2FTLS
Recently from Research:
- https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app
- https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves
- https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research
- https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability
- https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187
- https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild
- https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution
- https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild
- https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild
- https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx
- https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5
- https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9
Follow the Security Response Team on the Tenable Community.
- Research Podcast
- Tenable Vulnerability Management
