Security Advisories: the Good, the Bad, and the Weird
This month, Luke Tamagna-Darr is back and he and Satnam have a lot to say about security advisories. As always, we walk through the latest vulnerability news - specifically diving into “Zerologon” and “Bad Neighbor” as well as multiple alerts from CISA. Many advisories recently were focused on chaining vulnerabilities, providing insight into how attackers are leveraging bugs together in attacks.Show References:Writing Security Advisories: 5 Best Practices For VendorsMicrosoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain ControllerCVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched VulnerabilitiesUS Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched VulnerabilitiesCVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices DisclosedMultiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to AttackCVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device ManagerTenable Research Spotify Playlist