Benchmarks and You: Making the Right Match
Nov 13 · 50 minutes
On this episode, we talk about November Patch Tuesday - Satnam highlights some of the vulnerabilities and we discuss the new, limited format for the advisories from Microsoft. Our guest this month is Grant Dobbe who gives us a crash course on compliance benchmarks and how to pick the right one for you. The key lesson: don’t try to put a jet engine on a Cessna.
Show References
- Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
- Webinar: Ramp-Up Your Response to Latest State Sponsored Attacks
- Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
- CVE-2020-15999, CVE-2020-17087: Google Chrome FreeType and Microsoft Windows Kernel Zero Days Exploited in the Wild
- Google patches two more Chrome zero-days
- Apple patches iOS against 3 actively exploited 0-days found by Google
- Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates
- CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
- Oracle Security Alert Advisory - CVE-2020-14750 (Out-of-Band)
- CVE-2020-14871: Critical Buffer Overflow in Oracle Solaris Exploited in the Wild as Zero-Day
- CVE-2020-27615: SQL Injection Vulnerability in WordPress Loginizer Plugin Affected Over One Million Sites
- CVE-2020-16846, CVE-2020-25592: Critical Vulnerabilities in Salt Framework Disclosed
- Webinar: How to Unlock the Security Benefits of the CIS Benchmarks
- CIS Benchmarks
- DISA STIGs
- STIG Viewer
- Single Check Audits on GitHub
- GitHub: Audit file for CVE-2020-14871
- Research Podcast
- Tenable Vulnerability Management