Channel: Tenable Blog

CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP)...

Universal Plug and Play (UPnP), a ubiquitous protocol used by “billions of devices,” may be vulnerable to data exfiltration and reflected amplified TCP distributed denial of service (DDoS)...


Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly...

Microsoft continues its streak of patching over 100 CVEs, addressing 129 CVEs in June, including a fix for a new SMBv3 vulnerability dubbed SMBleed. For the fourth month in a row, Microsoft has patched...


SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect...

Three months after an out-of-band patch was released for SMBGhost, aka EternalDarkness (CVE-2020-0796), researchers disclosed two new flaws affecting Microsoft’s Server Message Block (SMB) protocol,...


How Organizations Can Reduce the Economic Incentives of Vulnerabilities

In the last of our three-part series, Tenable Research evaluates the prevalence of vulnerabilities across the global population, as well as the implications of those findings on attackers' economic...


Tenable Research Discloses Multiple Vulnerabilities in Plex Media Server

Tenable Research discovered multiple vulnerabilities in Plex Media Server, a popular media streaming and sharing service, that could allow attackers to gain full system privileges and access to...


CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day...

Researchers discovered 19 new zero-day vulnerabilities in a TCP/IP software library developed by Treck. Dubbed Ripple20, the batch includes CVE-2020-11901, which has the potential to take control of an...


Department of Defense Officials Report on Cyber Risk-Based Decisions

In a new report, Navy, Air Force and Defense Information Security Agency (DISA) leaders provide insights into managing cyber risk and protecting critical infrastructure. Here is a quick summary. A...


Looking Back, Looking Forward: Reflections on 50 Years of Pride

50 years after the protests at Stonewall, the fight for LGBTQIA+ equality and racial justice continues. Here’s a reflection from our Pride@Tenable community on the need for intersectional...


CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical...

Critical authentication bypass vulnerability in PAN-OS devices could be exploited in certain configurations, which are commonly recommended by identity providers. Background: On June 29, Palo Alto...


Not All Vulnerabilities Are Created Alike: Focus on What Matters Most

As the number of security vulnerabilities continues to skyrocket, prioritization is necessary for organizations to effectively reduce their cyber risk. For more than two years, I’ve explained to...


CVE-2017-7391: Vulnerability in Magento Mass Import (MAGMI) Plugin Exploited...

Just as Magento 1 reaches end of life, attackers are exploiting a vulnerability in a Magento plugin from 2017. Site owners should prepare to migrate their stores immediately. Background: On May 17, ZDNet...


Securing Critical Infrastructure: 4 Steps for Reducing Cyber Risk

For critical infrastructure organizations, the gains of automation and IoT technology have also meant heightened threats. These are the steps security directors can take to reduce cyber risk across...


CVE-2020-5902: Critical Vulnerability in F5 BIG-IP Traffic Management User...

Three days after an advisory was disclosed for a critical remote code execution vulnerability in F5’s BIG-IP, active attempts to exploit vulnerable hosts have been observed in the wild. Background: On...


Cross-Functional Collaboration Is Key to Industrial Cybersecurity

As cyberthreat actors increasingly target critical infrastructure, both the federal government and private sector have key roles to play in securing essential services. Here are some of the latest...


Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product...

Gartner recently published its April 2020 “Voice of the Customer” report which synthesizes Gartner Peer Insights’ customer reviews from the previous year into insights for IT decision-makers. The...


CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server...

Researchers disclosed a critical flaw in SAP NetWeaver Application Server that could allow an attacker to gain access to any SAP application. Organizations are strongly encouraged to apply patches as...


Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable...

Microsoft addresses 123 CVEs, including CVE-2020-1350, dubbed “SIGRed,” a wormable remote code execution vulnerability in Windows DNS Server. For the fifth month in a row, Microsoft has patched over 100...


CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS...

Researchers disclose a 17-year-old wormable flaw in Windows DNS servers. Organizations are strongly encouraged to apply patches as soon as possible. Background: On July 14, Microsoft patched a critical...


How to Maximize Your Penetration Tests with Nessus

Penetration tests and vulnerability assessments make for an excellent tandem approach to cybersecurity. While similar — and sometimes confused for each other — penetration tests and vulnerability...


Oracle Critical Patch Update for July 2020 Tops Previous Record with 443...

Oracle’s third Critical Patch Update of 2020 contains a record-breaking 443 security patches addressing 284 CVEs, including critical vulnerabilities in Oracle Communications Applications and Oracle...
