Tenable

MARCH 17, 2020

CVE-2020-8467 is a vulnerability in Apex One and OfficeScan in a component of a migration tool. A remote, authenticated attacker could exploit this vulnerability and gain arbitrary code execution on affected Apex One and OfficeScan installations. Identifying affected systems. Multiple vulnerabilities exploited in the wild.

Trends 104

Trends Software Review Systems Review Authentication 104

Tenable

DECEMBER 8, 2020

The final Patch Tuesday of 2020 includes fixes for 58 CVEs, including workaround details for a severe vulnerability in Windows DNS Resolver called SAD DNS. Microsoft patched 58 CVEs in the December 2020 Patch Tuesday release, including 9 CVEs rated as critical. CVE-2020-25705 | Windows DNS Resolver Spoofing Vulnerability.

Software Review 106

Software Review Windows Systems Review Azure 106

Tenable

MAY 3, 2020

Salt utilizes a “master” server that controls agents known as “minions" that collect data for the system and carries out tasks. CVE-2020-11651 is an authentication bypass in two methods of the ClearFuncs class. CVE-2020-11652 is a directory traversal security flaw in the “wheel” module that is used to read and write files.

Technical Advisors 104

Technical Advisors Open Source Software Review Systems Review 104

Tenable

MAY 5, 2022

CVE-2022-1388: Authentication Bypass in F5 BIG-IP. F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution. The Security Response Team included CVE-2020-5902 among its top 5 vulnerabilities in the 2020 Threat Landscape Retrospective due to the scope of exploitation.

Authentication 52

Authentication Software Review Systems Review Hardware 52

Tenable

SEPTEMBER 8, 2020

Microsoft patched 129 CVEs in the September 2020 Patch Tuesday release, including 23 CVEs rated critical. CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1460 | Microsoft SharePoint Remote Code Execution Vulnerability.

Software Review 112

Software Review Systems Review Windows Internet 112

Tenable

APRIL 8, 2021

In March 2021, the FBI and CISA observed APT actors scanning and enumerating publicly accessible Fortinet systems over ports 4443, 8443 and 10443. The agencies believe these APT actors are gathering a list of vulnerable systems in both the public and private sectors in preparation for future attacks. CVE-2020-12812.

Authentication 108

Authentication Systems Review Research Groups 108

Tenable

SEPTEMBER 10, 2020

PAN-OS devices that have enabled the captive portal or multi-factor authentication features are vulnerable to a critical buffer overflow flaw. On September 9, Palo Alto Networks (PAN) published nine security advisories for a series of vulnerabilities affecting PAN-OS , a custom operating system (OS) found in PAN’s next-generation firewalls.

Software Review 110

Software Review Systems Review Authentication Firewall 110

Tenable

OCTOBER 13, 2020

Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 CVEs rated critical. CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability. CVE-2020-16898 , dubbed “Bad Neighbor,” is a critical remote code execution (RCE) vulnerability within the Windows TCP/IP stack.

Windows 105

Windows Software Review Systems Review Advertising 105

Tenable

MAY 12, 2020

Microsoft addressed 111 CVEs in the May 2020 Patch Tuesday release, just short of the 113 CVEs seen in April. CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability. CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability. dll due to how objects are handled in memory.

Software Review 101

Software Review Systems Review Windows Transportation 101

Tenable

JULY 14, 2020

CVE-2020-6287 is caused by a complete lack of authentication in the SAP NetWeaver AS Java’s LM Configuration Wizard. An attacker could gain access to adm , the operating system user that has “unlimited access to all local resources related to SAP systems.” Publicly accessible NetWeaver AS JAVA systems.

Applications 100

Applications Software Review Systems Review Authentication 100

ParkMyCloud

MAY 22, 2020

Based on recent recommendations given by experts in the field, we’ve put together this list of 10 of the best practices for 2020 to help you fully utilize and optimize your Azure environment. Vitor Montalvao, Azure Cost Optimization Best Practices , March 6, 2020. Robert Lyon, Best practices for Azure RBAC , April 17, 2020.

Azure 104

Azure Serverless Authentication Cloud 104

Tenable

MARCH 6, 2020

pppd is a daemon on Unix-like operating systems used to manage PPP session establishment and session termination between two nodes. CVE-2020-8597 is a buffer overflow vulnerability in pppd due to a logic flaw in the packet processor of the Extensible Authentication Protocol (EAP). RHSA-2020:0631. RHSA-2020:0630.

Software Review 103

Software Review Systems Review Linux Authentication 103

Tenable

NOVEMBER 10, 2020

Microsoft patched 112 CVEs in the November 2020 Patch Tuesday release, including 17 CVEs rated as critical. CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system.

Windows 105

Windows Software Review Azure Systems Review 105

Tenable

FEBRUARY 11, 2020

Microsoft addresses a staggering 99 CVEs in the February 2020 Patch Tuesday release. CVE-2020-0673 and CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability. CVE-2020-0674 was first noted as being exploited in the wild in January , where Microsoft released an out-of-band advisory ( ADV200001 ).

Internet 106

Internet Software Review Windows Systems Review 106

The Citus Data

JULY 28, 2020

SCRAM with channel binding is a variation of password authentication that is almost as easy to use, but much more secure. In basic password authentication, the connecting client simply sends the server the password. Basic password authentication has several weaknesses which are addressed with SCRAM and channel binding.

Authentication 107

Authentication How To Data Systems Review 107

Tenable

OCTOBER 21, 2020

On October 20, Oracle released the Critical Patch Update (CPU) Advisory for October 2020 , its final quarterly release of security patches for the year. This quarter’s update marks the second-highest count in Oracle CPUs, surpassed only by the July 2020 update which holds the record with over 440 patches. Notable Vulnerabilities.

Systems Review 102

Systems Review Applications Construction Insurance 102

Tenable

SEPTEMBER 14, 2020

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). The blog post contains a whitepaper explaining the full impact and execution of the vulnerability, identified as CVE-2020-1472 , which received a CVSSv3 score of 10.0, Background.

Windows 115

Windows LAN Backup Authentication 115

Tenable

JUNE 5, 2024

An advisory from Rockwell Automation reiterates the importance of disconnecting operational technology devices with public-facing internet access and patching and mitigating systems vulnerable to several flaws. This need also came at the cost of expanding the attack surface , which included the provisioning of OT systems for remote access.

Internet 67

Internet Software Review Systems Review Technical Review 67

Tenable

JULY 6, 2020

Domain Name System (DNS). CVE-2020-5902 is a critical vulnerability in the BIG-IP Traffic Management User Interface (TMUI) also known as the Configuration Utility. The advisory states that the vulnerability could also “result in complete system compromise.”. Ben Goerz (@bengoerz) July 4, 2020. Link Controller.

Software Review 98

Software Review Technical Review Systems Review Research 98

Tenable

NOVEMBER 5, 2020

CVE-2020-14871 is a critical pre-authentication stack-based buffer overflow vulnerability in the Pluggable Authentication Module (PAM) in Oracle Solaris. PAM is a dynamic authentication component that was integrated into Solaris back in 1997 as part of Solaris 2.6. Hacker Fantastic (@hackerfantastic) November 3, 2020.

Authentication 74

Authentication Research Software Review Systems Review 74

Tenable

DECEMBER 8, 2020

The vulnerability was disclosed by the NSA to VMware, which published details in a security advisory, VMSA-2020-0027.2 , on November 23. CVE-2020-4066 is a command injection vulnerability in the administrative configurator component in certain versions of VMware products. Exploiting CVE-2020-4006 to access protected data.

Linux 64

Linux Software Review Systems Review Windows 64

Tenable

APRIL 12, 2024

Background On April 12, Palo Alto Networks released a security advisory for a critical command injection vulnerability affecting PAN-OS, the custom operating system (OS) Palo Alto Networks (PAN) uses in their next-generation firewalls. Affected Version Hotfix Release Version Expected Release Date PAN-OS 10.2 prior to 10.2.9-h1

Network 119

Network Firewall Software Review Systems Review 119

Tenable

AUGUST 5, 2021

Pulse Secure has patched CVE-2021-22937, a patch bypass for CVE-2020-8260, in its Connect Secure products. Richard Warren with NCC Group has published a technical advisory for this flaw, explaining it is a patch bypass for CVE-2020-8260 which he disclosed in October 2020. Identifying affected systems. Background.

Software Review 119

Software Review Technical Review Authentication Systems Review 119

Tenable

APRIL 27, 2020

According to Sophos, they were able to identify “an attack against physical and virtual XG Firewall units” after reviewing the report of a “suspicious field value” in the XG Firewall’s management interface. Sophos Firewall Operating System. Sophos Firewall Operating System. Sophos Firewall Operating System.

Firewall 101

Firewall WAN Operating System Systems Review 101

Tenable

OCTOBER 18, 2023

When configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Successful exploitation allows the attacker to bypass multifactor authentication (MFA) requirements. NDcPP Prior to 12.1-55.300

Systems Review 68

Systems Review Software Review Authentication Virtualization 68

TechCrunch

DECEMBER 15, 2022

Seeking to bring greater security to AI systems, Protect AI today raised $13.5 Protect AI claims to be one of the few security companies focused entirely on developing tools to defend AI systems and machine learning models from exploits. Swanson suggests internal-use authentication tokens and other credentials, for one.

Artificial Inteligence 223

Artificial Inteligence Machine Learning Software Review Systems Review 223

Tenable

OCTOBER 2, 2023

An unauthenticated (or pre-authenticated) attacker could exploit this vulnerability by sending a specially crafted POST request to a vulnerable WS_FTP Server. Successful exploitation would grant an attacker the ability to achieve remote command execution on the underlying operating system of the WS_FTP Server.

Software Review 122

Software Review Software Systems Review Authentication 122

TechCrunch

OCTOBER 19, 2021

BluePallet was founded in 2020 through the merger of then three-year-old chemical marketplace EchoSystem and Velloci, a fintech company. trillion industry in 2020. and Bruce Schechinger, former chairman of the National Association of Chemical Distributors. . Image Credits: CEO Scott Barrows / BluePallet.

Chemicals 240

Chemicals Industry Technical Review Fintech 240

TechCrunch

SEPTEMBER 23, 2021

The sizable seed round from strong investors is due to a few factors. With a lot of that experience covering payment systems based on cards and card networks, it was the perfect knowledge bank for understanding why open banking was such an important innovation, and why it had an opportunity to disrupt a lot of what’s in place today.

Banking 207

Banking Authentication Fintech Systems Review 207

CIO

JANUARY 5, 2023

A September 2021 Gartner report predicted that by 2025, 70% of new applications developed by enterprises will use low-code or no-code technologies, up from less than 25% in 2020. If we had to write 15 different pricing systems, it could’ve taken years,” requiring backend fulfillment systems and credit checks for each specific price.

Software Review 322

Software Review Tools Off-The-Shelf Technical Review 322

Altexsoft

JUNE 26, 2020

The first CPOE system was built in 1971 by NASA Space Center and Lockheed Corporation for a hospital in California. It was not until the late 1990s that CPOE started to bring real value to hospitals due to technological advances, decreased cost of development, and enhanced computer literacy of medical professionals. a hard token.

Systems Review 85

Systems Review System Testing Technical Review 85

Tenable

JULY 15, 2020

Oracle’s third Critical Patch Update of 2020 contains a record-breaking 443 security patches addressing 284 CVEs, including critical vulnerabilities in Oracle Communications Applications and Oracle Fusion Middleware products. Oracle Systems. Background. Oracle Product Family. Number of Patches. Remote Exploit without Auth.

WAN 60

WAN Systems Review Applications Construction 60

Tenable

JUNE 16, 2020

Tenable Research discovered multiple vulnerabilities in Plex Media Server, a popular media streaming and sharing service, that could allow attackers to gain full system privileges and access to personal files. This type of service is very popular as people are homebound due to public health orders. CVE-2020-5742. CVE-2020-5741.

Media 98

Media Research Systems Review Software Review 98

Tenable

MARCH 11, 2021

F5 releases patches for multiple vulnerabilities in BIG-IP and BIG-IQ, including a critical remote command execution flaw that does not require authentication and is likely to attract exploits in the near future. All four vulnerabilities require an attacker to be authenticated to the vulnerable system in order to exploit these flaws.

Software Review 100

Software Review Systems Review Authentication Policies 100

Xebia

DECEMBER 16, 2022

There were some common classes of vulnerabilities in the automotive, home connectivity and industrial control system devices. For example, look at how the OWASP Top 10 has changed from 2013 to 2020. Using the vulnerabilities found, an attacker could get root access to the BMC without any authentication.

Systems Review 130

Systems Review Software Review Automotive Education 130

iTexico

OCTOBER 11, 2019

10 Trends of Artificial Intelligence (AI) in 2020. With the arrival of 2020, we are likely to see AI, bringing radical changes in many aspects, be it organizations, business models, innovations, and cultures. In this article, we will explore 10 AI trends that will dominate 2020. AI-Powered Cybersecurity Systems.

Artificial Inteligence 67

Artificial Inteligence Artificial Intelligence Trends Machine Learning 67

Tenable

APRIL 30, 2020

On April 29, 2020, Check Point researchers Omri Herscovici and Sagi Tzadik published research into three popular WordPress learning management system (LMS) plugins: LifterLMS , LearnDash and LearnPress. CVE-2020-6008 is an arbitrary file write vulnerability in LifterLMS versions below 3.37.15. Background.

Software Review 97

Software Review PHP Systems Review Research 97