Security Research in 2020

We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam Narang breaks down the latest vulnerability news for us.Show References:Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)Cloudflare’s Blog Post on SAD DNSCVE-2020-4006: VMware Command Injection Flaw Exploited by Russian State-Sponsored Threat ActorsCVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager DisclosedSpam warning on Cash AshZero Day ResearchCOVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response TimesPsExec Local Privilege EscalationHacking in Among UsTP-Link Takeover with a Flash DriveInside Amazon’s Ring Alarm SystemFollow along for more from Tenable Research:Subscribe to the blogFollow Tenable’s Zero Day team on MediumTenable Research Podcast Musical References