Channel: Tenable Blog
Browsing all 1935 articles

New Apache PHP XSS Bug Displays Modified HTTP Request Text to Users

A researcher has discovered a cross-site scripting vulnerability caused by mishandling of a PHP header in Apache version 2.x. Upgrade PHP and review privileges for applications and services using...

Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network...

Tenable Research has discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to...

Peekaboo: Don’t Be Surprised by These Not So Candid Cameras

Tenable Research discovered a major software flaw, dubbed Peekaboo, which gives cyber criminals control of certain video surveillance cameras, allowing them to secretly monitor, tamper with and even...

Nessus at 20: Why It’s More Than a Product to Me

In honor of the 20th anniversary of Nessus this year, we've been asking users around the world to answer the question, "I love Nessus because...." Here, Tenable's VP and Deputy CTO Glen Pendley does...

Xbash Malware Targets Windows and Linux with Ransomware and Cryptomining

Newly identified Xbash malware is targeting weak passwords and unpatched vulnerabilities on Linux and Windows systems to launch ransomware or cryptomining attacks. Background: Unit 42, Palo Alto Network’s...

Tenable Research Advisory: Rockwell Automation RSLinx Classic Lite RCE and...

Tenable Research has discovered multiple memory corruption issues in Rockwell Automation RSLinx Classic Lite 4.00.01 that may allow for remote code execution or denial of service. Customers are...

Four Cybersecurity Questions Every CISO Should Be Ready to Answer

In part one of our six-part blog series on improving your cybersecurity strategy, we discuss how the industry’s reliance on a hyper-compartmentalized approach is making everyone less secure, and we...

Tenable Research Advisory: Popular TP-Link Router is Vulnerable to Remote...

Tenable Research has discovered multiple vulnerabilities in the TP-Link TL-WRN841N, a popular consumer router, one of which could be used by an attacker to remotely take over the device. What do you...

Tenable Research Advisory: Multiple Vulnerabilities Discovered in MikroTik's...

Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system...

MikroTik RouterOS Vulnerabilities: There’s More to CVE-2018-14847

In the course of preparing his Derbycon 8.0 presentation on RouterOS vulnerabilities, Tenable Researcher Jacob Baines discovered more to CVE-2018-14847 than originally known. Here’s how it could allow...

Tenable Research Advisory: Multiple HPE iMC Vulnerabilities Could Lead to...

Tenable Research discovered multiple vulnerabilities in the HPE Intelligent Management Center. HPE is currently working to fix the issues and plans to release patches on Nov. 30. What you need to know:...

Public Exploit Modules Available for Cisco Prime Infrastructure Vulnerability

Users of Cisco Prime Infrastructure Software are urged to update to the latest version to address one of two vulnerabilities that, when chained, could lead to remote code execution with system-level...

Microsoft’s October 2018 Security Update: There's More to the Story

A week after Microsoft addressed 49 vulnerabilities in its October 2018 Security Update, new developments have emerged that change the threat profile of some of them. Background: On Tuesday, October 9,...

Process-Led Deployment: How to Maximize Your Cyber Technology Investments

Taking a process-led approach to your cyber technology deployments is critical to your organization’s ability to reduce risk. Too often, organizations focus on solution features and not on driving the...

libssh Vulnerable to Authentication Bypass (CVE-2018-10933)

A newly announced vulnerability in libssh, a multiplatform library that supports the Secure Shell (SSH) protocol, allows attackers to bypass authentication and gain full control over vulnerable...

jQuery File Upload Plugin Leaves Web Servers Vulnerable to Unauthenticated...

Akamai disclosed that the popular jQuery File Upload plugin has been vulnerable to an unauthenticated file upload flaw since November 2010. Background: Akamai’s Security Intelligence Response Team (SIRT)...

Microsoft Data Sharing Service Zero-Day Exploit Released on Twitter

Researcher discloses privilege escalation zero-day in Microsoft’s Data Sharing Service on Twitter and provides a proof-of-concept that could be used to deploy attacks in the wild. Background: On October...

Tweetable Exploit for X.org Server Local Privilege Escalation...

A researcher has published a local privilege escalation exploit that fits in a single tweet for xorg-x11-server. Vendors are rolling out fixes and mitigation advice. Background: On October 25, a tweetable...

DemonBot Malware Targets Apache Hadoop Servers Using Available Exploit Code

New DemonBot malware uses Apache Hadoop exploit also used by XBash to launch exploitation attempts at a rate of one million a day to facilitate widespread DDoS. Background: Researchers at Radware recently...

Bold State Cyber Plays Require Bold Action from the Private Sector, Too

State CISOs face unique challenges in a highly competitive cybersecurity market. Here are three actions the private sector can take to help. At the NASCIO annual conference, held Oct. 21-24 in San...
