Public Exploit Scripts for Vulnerable Cisco Small Business RV320 and RV325...
Availability of public exploit scripts for two vulnerabilities in Cisco Small Business WAN VPN routers coupled with incoming scans for vulnerable devices indicate that attackers are preparing to launch...
Compliance Beyond IRS 1075 and CJIS Audits
In today's edition of Tenable's State and Local Government Video Blog Series, we discuss how IRS 1075 (FTI) and CJIS Security compliance can help organizations reduce cost, create resource efficiencies...
LibreOffice Vulnerable to Code Execution in URL Mouseover Preview Feature
Researcher Alex Inführ discovered that LibreOffice 6.1.0-6.1.3.1 is susceptible to a code injection attack if a user hovers their mouse over a malicious URL. Background: Researcher Alex Inführ disclosed a...
Remote Code Execution in InduSoft Web Studio
Enterprises running InduSoft Web Studio should update their software and ensure these critical systems are not exposed to the internet. Tenable Research has discovered an unauthenticated remote code...
ThinkPHP Remote Code Execution Vulnerability Used To Deploy Variety of...
A remote code execution bug in the Chinese open source framework ThinkPHP is being actively used by threat actors to implant a variety of malware, primarily targeting Internet of Things (IoT)...
Overcoming Your Vulnerability Overload with Predictive Prioritization
Tenable introduces Predictive Prioritization, a groundbreaking, data science-based process that re-prioritizes each vulnerability based on the likelihood it will be leveraged in an attack. Are you...
See More, Do More and Reduce Risk with Tenable.sc 5.9
Tenable.sc 5.9 gives customers increased visibility into their attack surface with a first-of-its-kind innovation, Predictive Prioritization, which combines threat intelligence and machine learning to...
CVE-2019-5736 Exploits the Common runc Container Binary to Escape to Host
CVE-2019-5736 allows for an escape to host attack in specific container configurations. Background: A new vulnerability (CVE-2019-5736) was recently announced in runc, the runtime used by popular...
Industrial Security and Tenable.sc Converge to Close the IT/OT Cyber Exposure...
Until now, security leaders have lacked visibility into the risk posture of the operational technology (OT) environments that are critical to their organization’s digitization initiatives. Security...
Highly Critical Drupal Security Advisory Released (SA-CORE-2019-003)
Drupal has released a security advisory to address a critical remote code execution vulnerability (CVE-2019-6340). Background: On February 20, Drupal released a security advisory (SA-CORE-2019-003) for...
WinRAR Absolute Path Traversal Vulnerability Leads to Remote Code Execution...
A 19-year-old vulnerability in WinRAR’s ACE file format support (CVE-2018-20250) has been identified as part of an attack in the wild. Background: On February 20, researchers at Check Point Research (CPR)...
Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
Tenable Research has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers that can provide an attacker with telnet access, DoS the target, or run arbitrary...
Management Interfaces in Three Models of Cisco Networking Devices Are...
New vulnerability (CVE-2019-1663) in Cisco RV110W, RV130W, and RV215W devices allows for RCE attacks from malicious HTTP requests. Background: Cisco has released a security advisory for CVE-2019-1663, a...
Tenable at RSA Conference 2019: Unlocking the Power of Prioritization
Customer presentations, product demos, and an entire day devoted to the public sector are just some of the activities Tenable has planned for RSA Conference 2019. You’ve heard all about Predictive...
Adobe Issues Out-of-Band Security Bulletin for Critical ColdFusion...
Adobe Security Bulletin APSB19-14 addresses a file upload restriction bypass vulnerability that has been exploited in the wild. Background: On March 1, Adobe published APSB19-14, an out-of-band security...
RSAC 2019: New Approaches for Reducing Your Cyber Exposure
Vulnerability overload got you down? Attend my talk at the RSA Conference 2019 and learn about a new approach to cyber risk management. It's that time of year again - the RSA Conference (RSAC) 2019...
Here Are the Top Cybersecurity Insights for Public Sector
A new global study conducted by Ponemon Institute explores cyber risk in the public sector: What are the top priorities for public sector cybersecurity leaders in 2019? Why has preventing attacks on OT...