This month we talk to Tenable research manager Scott Caveza about three recent patching stories, where F5 and Microsoft offered fixes in a regular cycle, and how Amazon Web Services released hot patches to repair earlier vulnerabilities in fixes for Log4J.
On this edition of the podcast, we look at the conversation around operational technology (OT) and attacks on critical infrastructure, as we mark a year since the Colonial Pipeline incident.
We're joined by Tenable's VP of operational technology Marty Edwards to talk about lessons learned, what work there is still to be done by practitioners, industry and researchers, and where the problems remain.
- Tenable blog - Securing Critical Infrastructure its Complicated
- Amit Yoran Testimony
- Video of the Homeland Security Committee
- Joint Cybersecurity Advisory
- CBS News 60 Minutes Report
- NCSC blog on Cyber Assessment Framework
Follow along for more from Tenable Research:
This month we take a deep dive into the most recent Java related vulnerability, and ask what the situation was with this, how it got confused with another vulnerability, and how significant it is to the wider threat landscape - or was it just riding on the memory of Log4J?
- Spring4Shell FAQ
- April Patch Tuesday
- VMware vCenter Server Sensitive Information Disclosure Vulnerability
- VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize
- Threat Landscape Retrospective 2021 Download Page