Benchmarks and You: Making the Right Match

On this episode, we talk about November Patch Tuesday - Satnam highlights some of the vulnerabilities and we discuss the new, limited format for the advisories from Microsoft. Our guest this month is Grant Dobbe who gives us a crash course on compliance benchmarks and how to pick the right one for you. The key lesson: don’t try to put a jet engine on a Cessna.Show References: Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known VulnerabilitiesWebinar: Ramp-Up Your Response to Latest State Sponsored AttacksMicrosoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the WildGoogle patches two more Chrome zero-daysApple patches iOS against 3 actively exploited 0-days found by GoogleOracle Critical Patch Update for October 2020 Addresses 402 Security UpdatesCVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the WildOracle Security Alert Advisory - CVE-2020-14750 (Out-of-Band)CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-DayCVE-2020-27615: SQL Injection Vulnerability in WordPress Loginizer Plugin Affected Over One Million SitesCVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework DisclosedWebinar: How to Unlock the Security Benefits of the CIS BenchmarksCIS BenchmarksDISA STIGsSTIG ViewerSingle Check Audits on GithubGithub: Audit file for CVE-2020-14871Tenable Research Podcast Musical References