Tenable

NOVEMBER 9, 2022

CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability. CVE-2022-27510. Citrix ADC and Gateway Authentication Bypass Vulnerability. CVE-2022-27513. CVE-2022-27516.

Authentication 52

Authentication Virtualization Healthcare Network 52

Tenable

OCTOBER 6, 2023

A SANS Institute survey found that budgets for ICS/OT security have shrunk, and advises on how to do more with less. In addition, CISA’s Cybersecurity Awareness Month campaign challenges tech vendors to build safer products. in 2022 to 21.8% Security Spotlight - The Ransomware Ecosystem Tenable.ot And much more!

Budget 65

Budget Report Survey Open Source 65

Tenable

DECEMBER 21, 2022

CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Frequently Asked Questions (FAQ) about CVE-2022-37958. What is CVE-2022-37958?

Windows 98

Windows SMB Authentication Research 98

Tenable

OCTOBER 1, 2022

On September 28, GTSC Cybersecurity Technology Company Limited published a blog post (English translation published later ) regarding their discovery of two zero-day vulnerabilities in Microsoft Exchange Server. Exploitation of CVE-2022-41040 could allow an attacker to exploit CVE-2022-41082. Get more information.

Authentication 56

Authentication Report Internet Analysis 56

Tenable

DECEMBER 9, 2022

It was at around this time last year that the discovery of the zero-day Log4Shell vulnerability in the ubiquitous Log4j open source component sent shockwaves through the worlds of IT and cybersecurity. . Tenable found that, as of October 1, 2022: 72% of organizations remain vulnerable to Log4Shell. Insecure System Configuration.

Software Review 52

Software Review SMB Malware Development Team Review 52

Tenable

JANUARY 10, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors. Background On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.

Policies 71

Policies Authentication Analysis Network 71

Tenable

OCTOBER 14, 2022

14 | DevOps team culture is key for supply chain security | SecOps gets more challenging as attack surface expands | Weak credentials hurt cloud security | Incident responders grapple with stress | Security spending grows | And much more! . Topics that are top of mind for the week ending Oct.

Security 52

Security Weak Development Team Retail Software Review 52

Tenable

AUGUST 3, 2023

AA23-215A: 2022's Top Routinely Exploited Vulnerabilities A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022 Background On August 3, a joint Cybersecurity Advisory (CSA) AA23-215A coauthored by multiple U.S.

Authentication 52

Authentication Data Center Software Review Windows 52

Tenable

JUNE 14, 2022

Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws. Microsoft patched 55 CVEs in its June 2022 Patch Tuesday release, with three rated as critical, 52 rated as important. Windows Local Security Authority Subsystem Service. 3 Critical. 52 Important. 0 Moderate. Windows Installer.

Windows 97

Windows Azure SMB Internet 97

Tenable

AUGUST 2, 2022

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021). On August 2, VMware issued an advisory ( VMSA-2022-0021 ) for ten vulnerabilities across several of its products. On August 2, VMware issued an advisory ( VMSA-2022-0021 ) for ten vulnerabilities across several of its products.

Authentication 53

Authentication Research Analysis Organization 53

Lacework

MAY 20, 2022

CVE(s) (if available): CVE-2022-22954, CVE-2022-22955,CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961, CVE-2022-22972, CVE-2022-22973. Security Advisory: Critical Vulnerabilities in VMware from Lacework on Vimeo. Remediation.

Malware 78

Malware IoT Authentication Network 78

Tenable

FEBRUARY 13, 2024

Moderate CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. Successful exploitation would bypass SmartScreen security features. Moderate March 2023 CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability 8.8

LAN 124

LAN Windows Azure Internet 124

Tenable

DECEMBER 13, 2022

CVE-2022-27518: Unauthenticated RCE in Citrix Gateway and Citrix ADC Citrix has patched a critical remote code execution vulnerability in its ADC and Gateway products. Both the advisory and blog post note that targeted attacks have been observed in the wild and customers should patch this vulnerability immediately. Background.

Authentication 97

Authentication Analysis Organization Network 97

Tenable

MAY 9, 2023

Feynman In the last of our four-part blog series we take a closer look at eight notable CVEs in 2022 and explore how the gaps between their discovery and their full disclosure on the National Vulnerability Database (NVD) could put organizations at risk. 1 CVE Description CVSS v3 VPR* CVE-2022-1134 Type confusion in V8 Google Chrome 8.8

Authentication 52

Authentication Study Small Business Research 52

CircleCI

JANUARY 13, 2023

On January 4, 2023, we alerted customers to a security incident. Today, we want to share with you what happened, what we’ve learned, and what our plans are to continuously improve our security posture for the future. Security best practices. This notification kicked off a deeper review by CircleCI’s security team with GitHub.

Report 145

Report Systems Review Malware Software Review 145

Tenable

APRIL 7, 2022

On April 6, VMware published an advisory (VMSA-2022-0011) addressing eight vulnerabilities across a number of VMware products: CVE. CVE-2022-22954. CVE-2022-22955. OAuth2 ACS Authentication Bypass Vulnerability. CVE-2022-22956. OAuth2 ACS Authentication Bypass Vulnerability. CVE-2022-22957.

Authentication 98

Authentication Research Analysis Cloud 98

Tenable

JUNE 12, 2023

Medium Analysis CVE-2023-27997 is a heap-based buffer overflow vulnerability in the secure socket layer virtual private network (SSL VPN) functionality in FortiOS and FortiProxy in Fortinet devices including its FortiGate Next Generation Firewalls (NGFW). This is reachable pre-authentication, on every SSL VPN appliance.

Firewall 102

Firewall Authentication Research Groups 102

Ivanti

AUGUST 9, 2022

systems ( CVE-2022-26832 and CVE-2022-30130 ). Additionally, advisory ADV200011 was updated with a standalone security update ( KB5012170 ), which implements improvements to Secure Boot DBX. Of the 121 new CVEs addressed this month, there is a zero day ( CVE-2022-34713 ) and a publicly disclosed CVE ( CVE-2022-30134 ).

Windows 93

Windows Systems Review Budget Azure 93

Tenable

SEPTEMBER 22, 2023

Department of Homeland Security in its “ Homeland Threat Assessment 2024 ” report. Insurance provider Coalition said in its “ 2023 Cyber Claims Report: Mid-year Update ” that cyber claims rose 12% in the first half of 2023 compared with the second half of 2022, a surge driven primarily by ransomware attacks. So says the U.S.

Insurance 70

Insurance Trends IoT Software Review 70

Ivanti

SEPTEMBER 1, 2023

According to Ivanti’s 2023 Press Reset cybersecurity report , over 50% of surveyed security professionals said their organizations hadn’t experienced a phishing incident in the last 24-months – despite virtually every organization getting phished in 2022! Ultimately, AJ emphasized, "Security is a mindset; it's a culture.

Security 85

Security ChatGPT How To Generative AI 85

Tenable

SEPTEMBER 9, 2022

9 | Software supply chain security in the spotlight. Guidance for evaluating IoT security tools. Increasing diversity in cybersecurity. Another look at the major cloud security threats. government stresses software supply chain security. Defining and implementing security test plans. And much more!

Security 52

Security IoT Open Source Linux 52

Tenable

MAY 25, 2023

Background On May 24, several international agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) in the U.S, It is part of a new naming convention used by Microsoft. How long has Volt Typhoon been operating?

Malware 52

Malware Windows Groups Internet 52

Tenable

JANUARY 9, 2024

Our counts omitted CVE-2022-35737, a vulnerability in SQLite called “Stranger Strings” that was assigned by MITRE and patched in July 2022. The attacker would then be able to bypass authentication via impersonation. this flaw can be exploited by an authenticated attacker with at least Site Owner privileges.

Windows 114

Windows Authentication Cloud Linux 114

Tenable

MARCH 12, 2024

In 2022, Microsoft patched two EoP flaws in OMI ( CVE-2022-33640 and CVE-2022-29149 ), as well as an information disclosure vulnerability ( CVE-2023-36043 ) in November 2023. Including this month, nine RCE vulnerabilities affecting Windows Hyper-V have been disclosed since 2022, with seven of them rated as Critical.

Windows 123

Windows Azure Authentication Infrastructure 123

Tenable

AUGUST 26, 2022

26 | The “platformization” of hybrid cloud security. Tackling IT/OT cybersecurity challenges. Tips for complying with HIPAA’s cybersecurity rule. 1 - IDC sees shift to “platformization” of hybrid cloud security. That’s according to IDC’s “Worldwide Cloud Workload Security Forecast, 2022-2026.” .

Weak Development Team 52

Weak Development Team Software Review Technical Review Budget 52

Tenable

AUGUST 9, 2022

Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713). Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws. Microsoft patched 118 CVEs in its August 2022 Patch Tuesday release, with 17 rated as critical and 101 rated as important. Windows Secure Boot.

SMB 63

SMB Azure Windows Disaster Recovery 63

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . Cybersecurity and Infrastructure Security Agency (CISA). Log4j guidance from the U.S.

IoT 52

IoT Systems Review Guidelines Technical Review 52

Tenable

FEBRUARY 8, 2022

Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild. Microsoft patched 48 CVEs in the February 2022 Patch Tuesday release, with all 48 rated as important and none rated as critical. CVE-2022-22717 (CVSSv3 7.0)

Windows 52

Windows Research Azure System 52

Tenable

MARCH 14, 2024

Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3 This blog will be updated to reflect the correct CVSSv3 score if the advisory or NVD record are updated. At the time this blog was published, Fortinet’s advisory did not include any messaging about known exploitation of this vulnerability.

Software Review 66

Software Review Systems Review Authentication Infrastructure 66

Tenable

OCTOBER 28, 2022

Get the latest on Microsoft 365 security configurations; effective CISO board presentations; rating MSPs’ cybersecurity preparedness; and hospitals’ Daixin cyberthreat. Cybersecurity and Infrastructure Security Agency (CISA) released a set of recommended configuration baselines for the Microsoft 365 product suite. .

Cloud 52

Cloud Malware Spyware Authentication 52

Tenable

FEBRUARY 17, 2023

Find out why a study says cybersecurity pros will weather staff reductions better than all other employees. That’s according to the (ISC) 2 cybersecurity industry non-profit organization, which this week published the results of a survey of 1,000 C-level business executives from Germany, Japan, Singapore, the U.S. And much more!

Weak Development Team 52

Weak Development Team ChatGPT Infrastructure Report 52

Tenable

AUGUST 5, 2022

That’s the bad news the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board delivered in a recent report. Drive best practices for security hygiene, such as automated vulnerability management, asset inventorying and vulnerability mitigation, as well as secure software development practices.

Development Team Review 52

Development Team Review Software Review Systems Review Technical Review 52

Prisma Clud

SEPTEMBER 21, 2023

The traditional network security model has long relied on a simple yet increasingly outdated concept — the secure perimeter. The secure perimeter approach assumes everything inside a network is inherently trustworthy and focuses security efforts on keeping threats outside a defined boundary. million in 2023.

Cloud 105

Cloud Network Policies Machine Learning 105

O'Reilly Media - Ideas

NOVEMBER 1, 2022

We’re seeing important articles about AI infiltrating security, programming, and almost everything else; even biology. If you’re interested in writing AI software to generate code (and not just using Copilot), Evan Pu has begun a series of blog posts on program synthesis. Maintaining a separate category for AI is getting difficult.

Trends 103

Trends Artificial Inteligence Open Source Research 103

Tenable

OCTOBER 2, 2023

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10 Background On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server , a secure file transfer solution, addressing eight vulnerabilities.

Software Review 121

Software Review Software Systems Review Authentication 121

Tenable

SEPTEMBER 12, 2023

Discovery of this flaw is credited to Valentina Palmiotti from IBM X-Force, Quan Jin and ze0r with DBAPPSecurity WeBin Lab and both the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence. Palmiotti said in a post that a blog and exploit code for the vulnerability will “be released soon.”

LAN 119

LAN Windows 3D Azure 119

Tenable

MARCH 30, 2022

On March 29, VMware published an advisory (VMSA-2022-0009) for a moderate severity vulnerability in VMware vCenter Server, its centralized management software for VMware vSphere cloud computing virtualization systems. CVE-2022-22948. VMware vCenter Server Information Disclosure Vulnerability. Background. Description.

Authentication 52

Authentication Windows Virtualization Groups 52