CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API...
Cisco releases ten advisories, including one critical advisory impacting Cisco IOS XE devices with the REST API Container enabled. Background: On August 28, Cisco released 10 advisories to address...
CVE-2017-9841: Drupal Sites Exploited Using PHPUnit Vulnerability in...
Attackers are leveraging a vulnerability patched nearly three years ago to target Drupal sites. Background: On September 4, Drupal published PSA-2019-09-04, a public service announcement (PSA) for a...
CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim
CVE-2019-15846, a new unauthenticated remote code execution vulnerability in the Exim message transfer agent, has been patched in version 4.92.2. Users are encouraged to upgrade...
Microsoft's September 2019 Patch Tuesday: Tenable Roundup
Microsoft’s September 2019 Security Updates address 79 vulnerabilities, 17 of which are rated critical. Microsoft’s September 2019 Patch Tuesday release contains updates for 79 CVEs, 17 of which are...
No, You Aren’t Being Invited to Win a New Car. That’s Spam on Your Calendar
By abusing the automatic event creation feature of integrated email calendars, spammers are finding ways to send you malicious links that are harder to ignore. Background: In June, researchers at...
What Skyjacking and Kidnapping Cases Can Teach Us About Responding to...
While ransomware is a relatively new phenomenon, ransom-related crimes have been around for generations. Here are four lessons from the past which we believe will help state and local governments...
Vulnerability Management: A Fundamental First Step to Improve Cyber Hygiene...
Vulnerability management tools should be behind every platform operating on the modern attack surface. Here’s why. Vulnerability management (VM) is no longer a niche program; it is an essential...
How Ballad Health Uses Tenable.sc to Protect Its Complex Attack Surface
Ballad Health’s network includes IT, internet of things and operational technology assets used by staff, practitioners and clients across 21 sites. Here’s how it’s using Tenable.sc to find and fix...
CVE-2019-14994: URL Path Traversal Vulnerability in Jira Service Desk Leads...
Path traversal flaw in Jira Service Desk can be used by attackers to view protected information in Jira projects. Background: On September 18, Atlassian published a security advisory for a vulnerability...
CVE-2019-1367: Critical Internet Explorer Memory Corruption Vulnerability...
Zero-day memory corruption vulnerability in Internet Explorer has been observed in attacks in the wild. Background: On September 23, Microsoft released an out-of-band patch for a zero-day vulnerability in...
Critical Zero-Day Pre-authentication Remote Code Execution Exploit Published...
New critical zero-day pre-auth RCE exploit code published on Full Disclosure mailing list for 5.x versions of vBulletin (CVE-2019-16759). Background: A preauthentication remote code execution (RCE)...
CVE-2019-8451: Proof-of-Concept Available for Server Side Request Forgery...
Availability of proof-of-concept code for vulnerability in Jira poses a challenge, as the Jira 7.x branch did not appear to contain a fix for the flaw. Background: On September 9, Atlassian released...
CVE-2019-16928: Critical Buffer Overflow Flaw in Exim is Remotely Exploitable
CVE-2019-16928, a critical heap-based buffer overflow vulnerability in Exim email servers, could allow remote attackers to crash Exim or potentially execute arbitrary code. Background: Exim Internet...
Tenable Lumin: Translating Vulnerability Management Into the Language of...
With Tenable Lumin, we’re giving customers a bridge between the language of vulnerability management and the language of business. In our work here at Tenable, we often hear from our CISO customers...
What You Need to Know About The New Capabilities for Tenable.sc
The new Solutions view page in Tenable.sc 5.12 helps you unlock the power of Predictive Prioritization and the Vulnerability Priority Rating. Here’s how. The National Vulnerability Database has analyzed...
How Sanmina Uses Tenable.sc to Prioritize Vulnerabilities and Improve Its...
Sanmina’s information security team needed an effective way for hundreds of IT colleagues worldwide to access vulnerability data — while also keeping senior management informed. Here’s how the...
Microsoft's October 2019 Patch Tuesday: Tenable Roundup
Administrators rejoice: only nine of the 59 vulnerabilities in Microsoft's October 2019 Security Update are rated critical. Microsoft’s October 2019 Patch Tuesday contains updates for 59 CVEs, nine of...
Tenable Takes the Triple Crown in VM — No. 1 in Accuracy, Coverage and...
At Tenable, we’ve always seen our Research team as a key differentiator. Our deep investment in R&D makes all the difference in delivering the data customers need to do their jobs well and keep...
How to Choose the Right Vulnerability Management Solution
As vulnerability management evolves, organizations are seeing increased need for prioritization, benchmarking and flexible reporting. Here are five things to keep in mind when choosing a VM...
Oracle Critical Patch Update for October Contains 180 Fixes
Oracle addresses 180 CVEs across 219 security patches in October’s Critical Patch Update, including a critical vulnerability in Oracle NoSQL Database. On October 15, Oracle released its Critical Patch...