Welcome back to the Tenable Research Podcast. In this new episode we look back at June’s Microsoft patches, and ask Tenable staff research engineer Satnam Narang what he feels the reasons are for the number of patches generally decreasing both monthly and annually. We are also joined by director of product management Ray Carney, as we look into the…

After a looong absence, Bill and Gavin discuss Supply Chain Attacks and how Solarwinds personally impacted Gavin's slides. The chaps also talk through some pretty big additions to Tenable's Cloud capabilities with Frictionless Assessment.Par Tenable. Bill Olson/Gavin Millard

It was a long summer and fall months; nevertheless, we are back at it. This is the "lost" episode and final for 2020. We will try to be more regular in 2021. Happy New Year! & Stay Safe! In this episode, Gavin and I discuss what we have been up to over the last several months as we'll discuss some major improvements/innovations here at Tenable. Lin…

In this episode Bill and Gavin discuss becoming more business aligned security leaders and how to influence change.Par Tenable Bill Olson, Gavin Millard

In this episode Bill and Gavin are joined by Wei Tai from the Data Science team to discuss Machine Learning and how accurate the team have identified the major vulnerabilities of 2019. Bill also learns how to press the record button so the team don’t have to record the podcast for a third time in a week.…

In this episode Bill and Gavin discuss predicting the vulnerabilities that matter most through machine learning and reducing the burden of patching the infrastructure.Par Tenable, Bill Olson, Gavin Millard

In this episode Bill and Gavin discuss Nessus on Raspberry Pi, which unfortunately didn't make it through the rigorous testing processes, and the top vulnerabilities you should be patching to secure the remote workforce. https://www.tenable.com/remote-workforce https://www.tenable.com/blog/how-covid-19-response-is-expanding-the-cyberattack-surface …

In this episode Bill and Gavin talk about protecting the new norm of the remote workforce and discuss CVE-2020-0796. Tenable SRT Blog https://www.tenable.com/blog/cyber-exposure-alerts Tenable Plugin list - https://www.tenable.com/pluginsPar Tenable, Bill Olson, Gavin Millard

In this episode Bill and Gavin discuss a presentation on the top 5 attack vectors in 2020 according to SANS. Here’s a link to the video of the presentation Bill and Gavin are referencing: https://www.youtube.com/watch?v=xz7IFVJf3LkPar Tenable, Bill Olson, Gavin Millard

New year, new format. Instead of the usual Olson mocking through the use of the latest cyber news, Bill and Gavin will be sharing some inner workings of team Tenable and what the dev are creating. In this episode, Bill and Gavin talk about the innovation competition between dev teams and measuring the maturity of your assessment practices.…

In this special episode, Bill and Gavin are joined by Tenable's CISO Bob Huber and Data Scientist Bryan Doyle. The chaps discuss measurements that matter and how to communicate security effectiveness.Par Tenable, Bill Olson, Gavin Millard, Bob Huber, Brian Doyle

In this episode Bill finally gets some payback on Gavin, they discuss Smart Televisions on spending sprees, a goose with a bad attitude and poor cyber hygiene and Bluekeep exploitation. Bill is also joined by Amit Yoran, CEO of Tenable, to discuss learned helplessness in the world of Cyber Security. Need a new job? Run for office https://www.wsj.co…

Honey is not just for Pooh https://www.wilbursecurity.com/2019/10/rdp-honeypotting/ Mo Money https://www.vice.com/en_us/article/7x5ddg/malware-that-spits-cash-out-of-atms-has-spread-across-the-world Oh boy https://www.techdirt.com/articles/20191004/19564743128/city-baltimore-blew-off-76000-ransomware-demand-only-to-find-out-bunch-data-had-never-bee…

In this episode Bill and Gavin talk about dismantling hotel lamps for fun and profit, multiple router Vulnerabilities and keeping track of private information in repositories. Bill is also joined by Ryan and Scott from the research team to discuss a couple of major zero days affecting Exim and vBulletin. Keeping track of all your assets is hard htt…

In this episode Bill and Gavin talk snooping on cat scans, TGIF data breach, breaking into Gavin's bank account with a handy sound board and power grid blackouts. Bill also interviews Steve Smith and Kent Dyer from the Government Affairs team to understand issues affecting Governments across the Globe. Can we get Gavin out of retirement https://www…

States be getting pwnd https://www.dallasnews.com/business/technology/2019/08/17/20-texas-jurisdictions-hit-coordinated-ransomware-attack-state-says Where are your notes, or is this your favorite text editor? https://www.digitaltrends.com/computing/major-security-flaw-in-notepad-leaves-windows-pcs-vulnerable-to-hackers/ https://googleprojectzero.bl…

In this episode, Bill and Gavin discuss attacks against adult apps, a WhatsApp flaw that enables an attacker to change messages and join groups, hacking alarm systems with a $2 device, and predicting the NVD future with Predictive Prioritization. Rogue Asset Discovery for free! https://www.tenable.com/blog/new-capabilities-to-automatically-discover…

In this episode, Bill turns the insecurity tables on Gavin with the iOS 13 keychain bug. The chaps also discuss insecure trains, remote code execution vulnerabilities in Atlassian, and how to publicly respond to a major outage. This episode also features David Wells, who talks about the recent vulnerability he discovered in Comodo AV. Rundown https…

In this episode, Bill and Gavin discuss strange meetings in English Forests, improvements in security guidelines around IoT devices, bricking iPhone with a single message, and the issues with non-experts defining government policy. Bill is also joined by Tenable Researcher Jimi Sebree to discuss how he discovers new zero-days and a recent Arlo Came…

In this episode, Bill and Gavin talk about a Firefox Zero Day, organizations facing bankruptcy due to ransomware, and MSSP's as an attack vector and C&C Slack. They are also joined by Matt Everson and Justin Brown from Tenable Research team. Breaches costing real money. https://krebsonsecurity.com/2019/06/collections-firm-behind-labcorp-quest-breac…

Bill and Gavin talk about yet another leak of hundreds of millions of personal details with the Baltimore City Ransomware attack. The chaps are joined by Research Analyst, Claire Tills, to discuss how the media drive remediation efforts for popular vulnerabilities. Baltimore City https://www.welivesecurity.com/2019/05/17/eternalblue-new-heights-wan…

Airbnb Superhost’s creepy spycam sniffed out by sleuthing infosec pro SharePoint servers under attack through CVE-2019-0604 Open source bug poses a threat to sites running multiple CMSes Dhound Chatbot: open domains, IP addresses Unless you want your payment card data skimmed, avoid these commerce sites EXPLOITING 10,000+ DEVICES USED BY BRITAIN’S …

In this episode, Bill and Gavin talk easy-to guess-passwords, the Beapy Cryptojacking worm sweeping through Asia, as well as hungry cybercriminals leveraging credential-stuffing attacks. 10 most hacked passwords https://www.foxbusiness.com/technology/most-hacked-passwords-2019 The Chipotle Hack And The Troubling Trend Of Credential Stuffing https:/…

Corporate giants want to help students, feds and themselves by offering cyber pros $75,000 in loan assistance https://www.cyberscoop.com/workforce-cyber-talent-initiative-loan-assistance/ Cool blog entry about building going "smart" https://tisiphone.net Owning WPA3 https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-st…

In this episode, Bill tries to track merger and acquisition activity with children GPS devices. Gavin highlights the issues of hiding malware in BIOS, and Thom Langford from TL(2) joins to give a CISO's perspective. Episode 6 story list: Motherboard flaws can lead to hidden malware https://www.theregister.co.uk/2019/04/03/razer_laptop_flaw/ Mar-a-l…

In this week's episode, Bill and Gavin discuss Cult of the Dead Cow, top ten vulnerabilities, supply chain attacks and leaky geolocation apps. Episode 5 story list: Microsoft Office Dominates Most Exploited List https://www.darkreading.com/vulnerabilities---threats/microsoft-office-dominates-most-exploited-list/d/d-id/1334198 For more on the Top Te…

Bill and Gavin discuss several stories which highlight the challenges around cyber hygiene. This episode also features a discussion on vulnerability prioritization with Tenable's Kevin Flynn. Developer Password Story - https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf Ransomware stats dropping but it is as prof…