Channel: Tenable Blog
Browsing all 1935 articles

Buffer Overflow Vulnerability in Apple iOS and macOS Devices Disclosed

A researcher has disclosed a buffer overflow vulnerability in Apple’s XNU operating system kernel that allows attackers on a local network to reboot Apple’s iOS and macOS devices and could potentially...

Cisco ASA and Firepower Being Exploited in the Wild - Apply Mitigations ASAP

Cisco advised that the Adaptive Security Appliance (ASA) and Firepower systems are being exploited in the wild with a Session Initiation Protocol (SIP) vulnerability. There is currently no...

Apache Struts Patches Remote Code Execution Vulnerability in FileUpload...

Apache Software Foundation announces a security update for Apache Struts to address a vulnerability in the Commons FileUpload library that could lead to remote code execution. We recommend updating...

Three Vulnerability Intelligence Insights Worth Your Attention

The Vulne... Intelligence Report (https://www.tenable.com/cyber-exposure/vulnerability-intelligence), released today by Tenable Research, provides an overview of...

Vulnerability Intelligence Report: A Risk-Centric Approach To Prioritization

Tenable Research set out to provide organizations with the real-world data they need to take a risk-centric approach to vulnerability management. Insight into the true state...

APT Malware Activity Detected Exploiting a Patched ColdFusion Vulnerability...

Researchers at Volexity have identified multiple groups exploiting CVE-2018-15961 in unpatched, web-facing Adobe ColdFusion servers. Users are urged to upgrade to the latest version of...

VMware Issues Security Advisory for Guest-to-Host Escape Vulnerability...

VMware issued an advisory about two uninitialized stack memory usage bugs and has released patches and updates for some versions of the affected...

New WordPress Privilege Escalation Flaw In WP GDPR Compliance Plugin

A privilege escalation flaw in WordPress’ popular WP GDPR Compliance plugin has led to exploitation of numerous WordPress sites. Site owners and administrators are encouraged to upgrade to the...

Adobe Patches Incomplete Fix for NTLM Credential Leaking Bug (CVE-2018-15979)

Researchers have reported an incomplete fix for CVE-2018-4993, an NTLM credential leaking vulnerability that was supposed to be patched in May 2018. Adobe has now released a complete fix. Background: On...

5W1H: Speculative Side Channel Vulnerabilities De-mystified

The classes of vulnerabilities that brought us Meltdown and Spectre are not going away anytime soon. Here’s what you need to know about Speculative Execution vulnerabilities, with our guidance...

Popular WordPress ‘AMP for WP’ Plugin Vulnerable to Privilege Escalation...

The ‘AMP for WP – Accelerated Mobile Pages’ plugin for WordPress is vulnerable to a privilege escalation attack. Updating the plugin to version ‘0.9.97.20’ fixes the flaw. Background: Following the...

Shifting Left in the Cybersecurity Defense Lifecycle

Identifying your risk posture should be the first objective of all cybersecurity programs. Yet, this is where organizations often fail, due to weak visibility and understanding during the...

Drupalgeddon Attacks Continue on Sites Missing Security Updates...

Recent attacks targeting Drupal instances vulnerable to Drupalgeddon 2 and Drupalgeddon 3 highlight the importance of identifying and patching vulnerable sites. Background: In March 2018, Drupal published...

Adobe Issues Out-of-Band Patch for Critical Flash Player Vulnerability...

Adobe has released an out-of-band patch for a critical Flash Player vulnerability. Users are encouraged to upgrade as soon as possible. Background: On November 20, Adobe released APSB18-44, an out-of-band...

Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon...

Tenable Research discovered multiple vulnerabilities in Schneider’s Modicon Quantum programmable logic controller. Schneider has recommended mitigations for impacted end users. Background: While examining...

CDM DEFEND: Going Mobile

How the CDM DEFEND plan for adding and securing mobile devices will help government agencies improve visibility and security.

What’s in a Name? SecurityCenter Is Now Tenable.sc

On November 7, 2018, Tenable SecurityCenter was renamed Tenable.sc. Read on to learn more about why we did it - and catch up on the latest innovations coming to our Cyber Exposure...

Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)

Tenable Researcher David Wells discovered a vulnerability in Zoom’s Desktop Conferencing Application that allows an attacker to hijack screen controls, spoof chat messages or kick and lock attendees...

Kubernetes Privilege Escalation Vulnerability Publicly Disclosed...

Patches are available for a critical privilege escalation flaw (CVE-2018-1002105) in the open-source container orchestration system,...

Adobe Flash Vulnerability Can Lead to Code Execution and Asset Takeover...

Adobe has issued an out-of-band advisory for CVE-2018-15982. Through the use of a maliciously crafted RAR file, an attacker exploiting this vulnerability can take over the machine of users that run...
