Tenable

AUGUST 22, 2023

CVE Description CVSSv3 Severity CVE-2023-38035 Ivanti Sentry API Authentication Bypass Vulnerability 9.8 Critical Disclosure of this vulnerability is credited to researchers at mnemonic, which published its own blog post about the discovery. Just like CVE-2023-38035, its discovery is also credited to researchers at mnemonic.

Authentication 52

Authentication Knowledge Base Firewall Mobile 52

Tenable

DECEMBER 12, 2023

4 Critical 29 Important 0 Moderate 0 Low Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month. Microsoft patched 33 CVEs in its December 2023 Patch Tuesday release, with four rated critical and 29 rated as important. It was assigned a CVSSv3 score of 9.6

Windows 113

Windows Software Review Azure Internet 113

Tenable

JANUARY 23, 2024

CVE Description CVSSv3 CVE-2024-0204 Fortra GoAnywhere MFT Authentication Bypass Vulnerability 9.8 According to the advisory, it was discovered on December 1, 2023. Successful exploitation would allow an attacker to bypass authentication to create new users, including a user with administrator privileges. and below 7.4.1

Authentication 62

Authentication Research Groups Analysis 62

Tenable

SEPTEMBER 11, 2023

This blog post was published on September XX and reflects VPR at that time. Analysis CVE-2023-20269 is an unauthorized access vulnerability in the remote access VPN feature of the Cisco ASA and FTD software. Proof of concept At the time this blog post was published, there was no public proof-of-concept (PoC) for CVE-2023-20269.

Groups 119

Groups Report Authentication Software Review 119

Tenable

AUGUST 8, 2023

Microsoft also released two advisories (ADV230003 and ADV230004) this month as well as a patch for a vulnerability in AMD processors (CVE-2023-20569). Important CVE-2023-38180 |.NET NET and Visual Studio Denial of Service Vulnerability CVE-2023-38180 is a Denial of Service (DoS) vulnerability in Microsoft Visual Studio,NET versions 6.0

Windows 98

Windows Software Review .Net Azure 98

Tenable

MARCH 14, 2023

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397) Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed. This CVE count includes two CVEs (CVE-2023-1017 and CVE-2023-1018) in the third party Trusted Platform Module (TPM2.0)

Windows 98

Windows Operating System Authentication Internet 98

Tenable

FEBRUARY 14, 2023

Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376) Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild. CVE-2023-21710 received a CVSSv3 score of 7.2 Our recent blog on ProxyNotShell, OWASSRF and TabShell discusses these vulnerabilities in greater detail.

Windows 100

Windows Azure Authentication Policies 100

Tenable

OCTOBER 16, 2023

CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild A maximum severity CVSS 10 zero-day vulnerability in Cisco IOS XE has been exploited in the wild. Analysis CVE-2023-20198 is a privilege escalation vulnerability affecting Cisco IOS XE software, receiving the highest possible CVSS score of 10.

Software Review 109

Software Review Systems Review Authentication Transportation 109

Tenable

DECEMBER 6, 2023

Tenable Research has published two blogs on CitrixBleed, our initial analysis of the vulnerability as well as a Frequently Asked Questions (FAQ) blog providing added context surrounding the in-the-wild exploitation by threat actors including multiple ransomware groups.

Systems Review 73

Systems Review Authentication Analysis Malware 73

Tenable

NOVEMBER 14, 2023

3 Critical 54 Important 0 Moderate 0 Low Update November 14: This blog has been updated to note the availability of fixes for Windows and Windows Server for CVE-2023-38545, a heap buffer overflow vulnerability in curl. Moderate December 2022 CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability 4.4

Windows 69

Windows Systems Review Software Review .Net 69

Tenable

MARCH 14, 2024

CVE Description CVSSv3 Severity CVE-2023-48788 Critical SQL Injection Vulnerability (or Improper neutralization of special elements in an SQL command) 9.3 Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3 IOCs, POC, and deep-dive blog to be released next week. through 7.2.2

Software Review 66

Software Review Systems Review Authentication Infrastructure 66

Hacker Earth Developers Blog

DECEMBER 6, 2022

But to ensure you do all of this the right way, you need to know the recruitment trends that are being forecasted to turn talent acquisition on its head in 2023! 74% of Millennial and Gen Z workers plan to quit in 2023 due to a lack of upskilling and career advancement opportunities. Let’s dive in. What are you waiting for?

Recruiting 243

Recruiting Trends Technical Review Social 243

Tenable

JULY 11, 2023

Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884) Microsoft addresses 130 CVEs including five that were exploited in the wild as zero-day vulnerabilities and guidance on the malicious use of Microsoft signed drivers. Exploitation of CVE-2023-36884 began in June 2023.

Windows 98

Windows Software Review Systems Review Authentication 98

Tenable

JULY 25, 2023

CVE Description CVSSv3 Severity CVE-2023-35078 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability 10.0 Analysis CVE-2023-35078 is an authentication bypass vulnerability in Ivanti’s EPMM. Analysis CVE-2023-35078 is an authentication bypass vulnerability in Ivanti’s EPMM. less than 10).”

Mobile 98

Mobile Knowledge Base Authentication Government 98

Tenable

JUNE 12, 2023

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate) Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. High CVE-2023-29180 FortiOS Null pointer de-reference in SSLVPNd 7.3 Patch your #Fortigate. Details at a later time.

Firewall 102

Firewall Authentication Research Groups 102

Tenable

JANUARY 10, 2024

CVE Description CVSSv3 CVE-2023-46805 Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability 8.2 Analysis CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure (ICS), previously known as Pulse Connect Secure and Ivanti Policy Secure.

Policies 72

Policies Authentication Analysis Network 72

CircleCI

JANUARY 13, 2023

On January 4, 2023, we alerted customers to a security incident. By January 4, 2023, our internal investigation had determined the scope of the intrusion by the unauthorized third party and the entry path of the attack. On January 5, 2023, at 03:26 UTC, we revoked all Project API Tokens.

Report 145

Report Systems Review Malware Software Review 145

Synopsys

MAY 8, 2023

CVE-2023-25828 vulnerability; history, mitigation analysis, and everything you need to know about the remote code execution (RCE) vulnerability in Pluck CMS. Summary CVE-2023-25828, tracked in the Black Duck KnowledgeBase™ as BDSA-2023-0370, is an authenticated remote code execution vulnerability in Pluck CMS.

Software Review 93

Software Review PHP Systems Review Authentication 93

Tenable

NOVEMBER 20, 2023

Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a critical vulnerability known as CitrixBleed. Critical CVE-2023-4967 Citrix NetScaler ADC and Gateway DoS Vulnerability 8.2 High We published a blog post for both vulnerabilities on October 18.

Technical Advisors 79

Technical Advisors Groups Research Network 79

Tenable

MARCH 8, 2024

1 - FBI: Critical infrastructure walloped by ransomware attacks in 2023 The number of U.S. ransomware incidents grew 18% in 2023 to 2,825, and 42% of those attacks impacted critical infrastructure organizations. Dive into six things that are top of mind for the week ending March 8. billion, a hefty 22% jump over 2022. and Canada.

Infrastructure 115

Infrastructure Report Software Review Artificial Intelligence 115

Tenable

OCTOBER 18, 2023

On October 17, Mandiant released a blog post and remediation guidance document where they noted that exploitation of a zero-day vulnerability, later identified as CVE-2023-4966, was observed in late August. CVE Description CVSSv3 Severity CVE-2023-4966 Sensitive information disclosure 9.4 and later releases of 13.0

Systems Review 68

Systems Review Software Review Authentication Virtualization 68

Tenable

JUNE 14, 2023

CVE-2023-20887: VMware Aria Operations for Networks Command Injection VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8. Background On June 7, VMware published an advisory (VMSA-2023-0012.1)

Network 53

Network Software Review Authentication Systems Review 53

Ivanti

JULY 11, 2023

What to expect in July 2023’s updates for Kerberos and Netlogon vulnerabilities Microsoft outlined a phased rollout of enforcement for both vulnerabilities, due to the fact that they are changing some core behaviors in two commonly used authentication mechanisms. The vulnerability has confirmed exploits in the wild. The CVSS v3.1

Software Review 82

Software Review Windows Systems Review Report 82

Tenable

JUNE 2, 2023

CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations.

Technical Review 94

Technical Review Software Review Systems Review Groups 94

CIO

NOVEMBER 8, 2023

It is estimated by the end of 2023, 31% of organizations expect to run 75% of their workloads 2 in the cloud. With Zscaler Workload Communications, organizations can effortlessly shift from traditional perimeter-based approaches to a zero-trust framework and establish granular control, strong authentication, and continuous monitoring.

Cloud 338

Cloud Spyware AWS Malware 338

Tenable

JANUARY 31, 2024

Background The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding four vulnerabilities affecting Ivanti Connect Secure and Policy Secure Gateways. Released January 31 CVE-2023-46805 and CVE-2024-21887 were originally disclosed on January 10 and we published a blog post that same day.

Policies 62

Policies Malware Authentication Software Review 62

Tenable

FEBRUARY 9, 2024

Critical FG-IR-24-029 CVE-2023-47537 Fortinet FortiOS Improper Certificate Validation Vulnerability 4.4 Medium FG-IR-23-301 CVE-2023-44487 Fortinet FortiOS and FortiProxy HTTP/2 Rapid Reset Vulnerability 5.3 CVE Description CVSSv3 Severity CVE-2024-21762 Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd 9.6 FortiOS 6.0.0 (all

Malware 121

Malware Authentication Infrastructure Analysis 121

Tenable

JANUARY 9, 2024

Critical CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability CVE-2024-20674 is a critical security feature bypass vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. The attacker would then be able to bypass authentication via impersonation.

Windows 114

Windows Authentication Cloud Linux 114

Tenable

APRIL 21, 2023

Background On April 20, VMware published an advisory (VMSA-2023-0007) to address two vulnerabilities in VMware Aria Operations for Logs , formerly known as vRealize Log Insight, a centralized log management solution. CVE Description CVSSv3 VPR* CVE-2023-20864 Deserialization Vulnerability in VMware Aria Operations for Logs 9.8

Knowledge Base 52

Knowledge Base Authentication Research Operating System 52

Prisma Clud

NOVEMBER 17, 2023

One such flaw is CVE-2023-22515, which affects the Confluence Data Center and Server. In this blog post, we break down the specifics of CVE-2023-22515, its consequences, and the best ways to safeguard against it. The Heart of the Matter: What Is CVE-2023-22515?

Data Center 52

Data Center Data Cloud Authentication 52

Perficient

SEPTEMBER 19, 2023

Second, better- personalized products and experiences were seen as important levers for differentiation, making authentic connections and customer journey insights even more vital for the business. What Matters Most to Insurers in 2023? Many Reasons to Attend InsureTech Connect 2023… What’s Yours?

Insurance 52

Insurance Artificial Inteligence Generative AI Conference 52

MagmaLabs

DECEMBER 6, 2022

This blog post will guide you through those advantages when choosing RoR for your business. This, allows developers to focus on building the core functionality of the app rather than spending time on basic tasks such as setting up databases and user authentication. What is Ruby on Rails? The Ruby Gems. GET A FREE CONSULTATION.

Web Development 98

Web Development Scalability Authentication Small Business 98

CIO

SEPTEMBER 12, 2023

i] NIS2 was adopted in early 2023 as a response to increasing digitalization and rising cybersecurity threats stemming from the COVID-19 pandemic and the Russia-Ukraine War. iv] The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud. March 2023. i] S ievers, T. Cybersecur. [iii]

Security 242

Security Compliance Network Policies 242

The Citus Data

MARCH 31, 2023

A developer friend of mine prefers to read about what to expect at upcoming events in the narrative form of a blog, rather than having to click in and out of different abstracts on a schedule page. So what’s on the schedule at Citus Con: An Event for Postgres 2023 , exactly? And yes, Citus Con is virtual again this year!

Azure 85

Azure Open Source Virtualization Software Engineering 85

Tenable

MARCH 12, 2024

In 2022, Microsoft patched two EoP flaws in OMI ( CVE-2022-33640 and CVE-2022-29149 ), as well as an information disclosure vulnerability ( CVE-2023-36043 ) in November 2023. Successful exploitation requires an authenticated user to be enticed to connect to a malicious SQL database. and is rated critical.

Windows 123

Windows Azure Authentication Infrastructure 123

Prisma Clud

NOVEMBER 13, 2023

Make sure to connect with us at Booth #832 in Las Vegas November 27 through December 1, 2023. What’s more, we’ve lined up a series of activities at AWS re:Invent 2023 to enhance your cloud security knowledge. The restaurant, renowned for its authentic Italian and seafood offerings, is situated in St. We’ve so much to show you.

AWS 65

AWS Cloud DevOps Network 65

Perficient

JUNE 6, 2023

Purpose : Depending on your purpose (blog, e-commerce site, or corporate website) pick the top one that aligns with your goals. List of Top 7 Content Management Systems for Your Digital Success in 2023 Here is an overview of the best CMS solutions in 2023 based on their tech features, user experience, functionality, etc.

System 59

System Scalability Small Business Mobile 59