CVE-2019-0604: Critical Microsoft SharePoint Remote Code Execution Flaw...
The SharePoint flaw first exploited in the wild in May continues to be exploited nine months after it was patched by Microsoft. Background: On December 10, security researcher Kevin Beaumont published a...
Objects in Mirror Are Closer Than They Appear: Reflecting on the...
Tenable’s Security Response Team reviews the biggest cybersecurity threats of 2019. With 2019 coming to an end, the Tenable Security Response Team reflects on the vulnerabilities and threats that had a...
Security, Here's When You Should Call Legal
Did you know litigation can emerge over vulnerabilities – before a security breach occurs? That’s why it’s essential for security to work with legal when a vulnerability is discovered. So far, I’ve...
A Look at the Most Popular Penetration Testing Methodologies
Penetration testing provides essential visibility into IT vulnerabilities. Here's a look at why it matters and common methods for completing assessments. Penetration testing is a critical, yet often...
CVE-2019-1978: Unauthenticated Remote Code Execution Vulnerability in Citrix...
Citrix urges customers to apply mitigation steps for CVE-2019-1978, a remote code execution vulnerability exploitable through specially crafted HTTP requests to vulnerable devices. Background: Citrix has...
CVE-2018-0296: Vulnerability in Cisco ASA and Firepower Appliances Sees Spike...
The Cisco Adaptive Security Appliance and Firepower Appliance vulnerability patched over a year ago continues to be targeted by attackers in the wild, as exploitation attempts have increased in...
Google Chrome Affected by Magellan 2.0 SQLite Vulnerabilities
One year and one week after the disclosure of the Magellan series of vulnerabilities in 2018, Magellan 2.0 is disclosed, bringing with it five new vulnerabilities. One year and one week after the...
CVE-2019-15975, CVE-2019-15976, CVE-2019-15977: Critical Authentication...
Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities. Background: On January 2, Cisco published a series of advisories for...
CVE-2019-11510: Critical Pulse Connect Secure Vulnerability Used in...
Recent rash of ransomware attacks are leveraging an eight-month-old flaw in a popular SSL VPN solution used by large organizations and governments around the world. Background: On January 4, security...
CVE-2019-17026: Zero-Day Vulnerability in Mozilla Firefox Exploited in...
Mozilla releases patch to address Firefox flaw being used as part of targeted attacks. Background: On January 8, Mozilla Foundation released a security advisory to address a critical zero-day flaw in...
5 Tips on How to Conduct a Vulnerability Assessment
So, your boss asked you to do a vulnerability assessment. You hardly remember anything about the topic from your security classes. Since it is about finding vulnerabilities in your infrastructure, it...
CVE-2019-19781: Exploit Scripts for Remote Code Execution Vulnerability in...
Attackers are actively probing for vulnerable Citrix Application Delivery Controller (ADC) and Gateway hosts, while multiple proof-of-concept scripts are released, emphasizing the importance of...
Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc
We’re excited to take vulnerability prioritization to the next level with the introduction of Tenable Lumin for Tenable.sc. Tenable.sc customers have long enjoyed a rich array of tools for getting the...
CVE-2020-0601: NSA Reported Spoofing Vulnerability in Windows CryptoAPI
Microsoft kicks off the first Patch Tuesday of 2020 with the disclosure of CVE-2020-0601, a highly critical flaw in the cryptographic library for Windows. Background: On January 14, Microsoft released its...
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
Microsoft kicks off 2020 by patching 49 CVEs, eight of which are rated as critical. Microsoft rang in 2020 with 49 CVEs addressed in the January 2020 Patch Tuesday release. This update contains 12...
Oracle January 2020 Critical Patch Update Contains 255 CVEs
Oracle rings in the new year with its first Critical Patch Update of 2020 addressing 255 CVEs across 334 security patches, including critical vulnerabilities in Oracle WebLogic Server. Background: On...
CVE-2019-19781: Critical Vulnerability in Citrix ADC and Gateway Sees Active...
Following the release of exploit scripts for a critical flaw in Citrix Application Delivery Controller (ADC) and Gateway, attackers launch attacks against vulnerable hosts, while Citrix announces...
CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability...
Zero-day remote code execution vulnerability in Internet Explorer has been observed in attacks. Background: On January 17, Microsoft released an out-of-band advisory (ADV200001) for a zero-day remote code...
What You Need to Know About Ethical Hacking
Ethical hacking, in which an organization uses the tools and practices of cyberattackers against their own systems, can be a valuable part of your cybersecurity strategy. Cybersecurity has been...
WEF Report: Cyberattacks Rank Just Below Climate Change as an Existential Threat
The vast majority of respondents to the World Economic Forum’s Global Risks Perception Survey expect cyberattacks against infrastructure and cybertheft of money/data to increase in 2020. Here’s why you...