CTO Universe

CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups

Tenable

SEPTEMBER 11, 2023

SSL VPNs continue to provide a reliable doorway for attacks For the last few years, the Tenable Security Response Team (SRT) has been warning that SSL VPNs are an ideal and reliable doorway for attackers to breach organizations. Learn more about Tenable One , the Exposure Management Platform for the modern attack surface.

Groups

Groups Report Authentication Software Review

CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities

Tenable

SEPTEMBER 27, 2023

Background The Tenable Security Response Team has put together this blog to answer frequently asked questions (FAQ) to help provide clarity around recently disclosed vulnerabilities including CVE-2023-41064, CVE-2023-4863 and CVE-2023-5129 in an open source library called libwebp. What is WebP or libwebp?

Open Source

Open Source Spyware Operating System Systems Review

Frequently Asked Questions on Security Incident at AnyDesk

Tenable

FEBRUARY 2, 2024

Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a security incident at AnyDesk. AnyDesk did not share any specifics in its post about what information may have been exposed during the attack, only noting that they found evidence of “compromised production systems.”

Windows

Windows Linux Report System

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security

Tenable

APRIL 19, 2024

To get more details, check out: The Protobom announcement “ CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project ” The Protobom home page and Github page For more information on SBOMs: “ CISA, NSA push SBOM adoption to beef up supply chain security ” (Tenable) “ What is a software bill of materials (SBOM)?

Artificial Inteligence

Artificial Inteligence Trends Technical Advisors Analysis

Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product Capabilities in the 2020 Gartner Peer Insights 'Voice of the Customer' Report

Tenable

JULY 13, 2020

We’re proud that Tenable was rated the highest of all 2020 “Customers' Choice” vendors in Product Capabilities with a 4.7 We think this shows Tenable’s breadth of reach and the diversity of customers that have provided positive reviews of our products. . Reducing Cyber Exposure Through Tenable Solutions".

Report

Report Systems Review Transportation Systems Administration

Oracle October 2021 Critical Patch Update Addresses 231 CVEs

Tenable

OCTOBER 20, 2021

This CPU contains fixes for 231 CVEs in 419 security updates across 28 Oracle product families. This quarter, the Oracle Communications product family contained the highest number of patches at 71, accounting for 17% of the total patches, followed by Oracle MySQL at 66 patches, which accounted for 15.8% Apache Commons IO.

Database Administration

Database Administration Backup Construction Business Analytics

CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild

Tenable

SEPTEMBER 1, 2020

Cisco warns of two zero-day denial-of-service vulnerabilities in its IOS XR Software actively exploited in the wild. On August 29, 2020, Cisco published an advisory regarding a zero-day denial-of-service (DoS) vulnerability in its Cisco IOS XR Software. Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability Advisory.

Software

Software Data Center Hardware Operating System

Sea Turtle DNS Hijacking Campaign Utilizes At Least Seven Patched Vulnerabilities

Tenable

APRIL 19, 2019

Cisco Product-Related Vulnerabilities: CVE-2017-3881 - Telnet Bug in Cluster Management Protocol for Cisco IOS and IOS XE. CVE-2017-6736 - Buffer Overflow in the Simple Network Management Protocol (SNMP) for Cisco IOS and IOS XE. Join Tenable's Security Response Team on the Tenable Community.

Internet

Internet Analysis Research Infrastructure

Thrangrycat: Vulnerabilities in Cisco Secure Boot and Cisco IOS XE (CVE-2019-1649, CVE-2019-1862)

Tenable

MAY 14, 2019

Researchers identify vulnerabilities in Cisco Secure Boot process and Cisco IOS XE devices that could reportedly be chained together for significant impact. On May 13, Cisco published two security advisories for vulnerabilities in Cisco Secure Boot and Cisco IOS XE. Cisco IOS XE Software Web UI Command Injection Vulnerability.

Hardware

Hardware Authentication Report Research

CDPwn: Cisco Discovery Protocol Vulnerabilities Disclosed by Researchers

Tenable

FEBRUARY 5, 2020

Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability. Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability. They’ve identified a list of vulnerable and not vulnerable products. Join Tenable's Security Response Team on the Tenable Community.

Research

Research Software Review Systems Review Firewall

Oracle October 2022 Critical Patch Update Addresses 179 CVEs

Tenable

OCTOBER 19, 2022

This CPU contains fixes for 179 CVEs in 370 security updates across 27 Oracle product families. This quarter, the Oracle Communications product family contained the highest number of patches at 74, accounting for 20% of the total patches, followed by Oracle Fusion Middleware with 56 patches, which accounted for 15.14% of the total patches.

Airlines

Airlines Database Administration Big Data Authentication

Cybersecurity Snapshot: U.S., U.K. Governments Offer Advice on How To Build Secure AI Systems

Tenable

DECEMBER 1, 2023

This week, the California Privacy Protection Agency published a draft of proposed rules governing “automated decision-making technology” (ADMT) systems, including those that use AI.

Artificial Inteligence

Artificial Inteligence Systems Review Government System

Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)

Tenable

AUGUST 20, 2019

Previously disclosed and patched flaw was reintroduced in iOS 12.4, is NOW OUT with iOS 12.4 is NOW OUT with iOS 12.4 Earlier this year, security researcher Ned Williamson discovered and reported CVE-2019-8605 , a use-after-free vulnerability dubbed “SockPuppet” in the XNU kernel for both iOS and macOS. iOS Version.

Software Review

Software Review Mobile Systems Review Research

CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE

Tenable

AUGUST 29, 2019

Cisco releases ten advisories, including one critical advisory impacting Cisco IOS XE devices with the REST API Container enabled. On August 28, Cisco released 10 advisories to address vulnerabilities across multiple products, including Cisco NX-OS and FXOS, Nexus 9000 Series Fabric Switches and Unified Computing System (UCS) Fabric.

Authentication

Authentication Virtualization Software Analysis

Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild

Tenable

APRIL 22, 2020

Patches for a pair of critical iOS vulnerabilities are currently in beta, as users are strongly encouraged to disable accounts in their Mail app until the fixes are generally available. On April 20, researchers at ZecOps published a blog post about their discovery of multiple zero-day vulnerabilities in the iOS Mail app. Background.

Research

Research Mobile Internet Analysis

Cybersecurity Snapshot: 6 Things That Matter Right Now

Tenable

AUGUST 19, 2022

Ransomware Preparedness: Why Organizations Should Plan for Ransomware Attacks Like Disasters ” (Tenable). “ Check out the table below for the vulnerabilities and read the blog post to get detailed analysis and insights, including: 14 of the 17 vulnerabilities are in Microsoft products. Source: Tenable Research, August 2022.

IoT

IoT Malware Windows Guidelines

Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk

Tenable

FEBRUARY 16, 2021

Note that Nessus scanners mainly focus on the IT space, including shadow IT assets, while OT assets are covered by other Tenable products, such as Tenable.ot. For example, Cisco IOS detection ( 47864 ) pulls information from remote SNMP plugins ( 10800 , 10969 ), and also from local enumerators ( 12634 ). Source: Tenable.

SMB

SMB Windows Linux Metrics

Product Newsletter July 2021

Ivanti

JULY 27, 2021

Product updates and releases covered in this newsletter: Service & Asset Management. Extended Products Group. Find more Service and Asset Management documentation in the Product Documentation section of the Ivanti website. The release highlights include: Improved Security with additional features in Android and iOS.

Windows

Windows Groups Network Machine Learning

TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services

Tenable

SEPTEMBER 3, 2020

Once a user downloads the application on their iOS device, they are initially prompted with a page that looks just like the one in the App Store. This section incentivizes users to purchase products from Amazon using their own money. Free” offers that come with a price: diet pills and other suspect products and services.

Advertising

Advertising Software Review Technical Review Video

CTO Universe

CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups

CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities

Webinars

Trending Sources

Frequently Asked Questions on Security Incident at AnyDesk

Webinars

Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security

Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product Capabilities in the 2020 Gartner Peer Insights 'Voice of the Customer' Report

Oracle October 2021 Critical Patch Update Addresses 231 CVEs

CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild

Sea Turtle DNS Hijacking Campaign Utilizes At Least Seven Patched Vulnerabilities

Thrangrycat: Vulnerabilities in Cisco Secure Boot and Cisco IOS XE (CVE-2019-1649, CVE-2019-1862)

CDPwn: Cisco Discovery Protocol Vulnerabilities Disclosed by Researchers

Oracle October 2022 Critical Patch Update Addresses 179 CVEs

Cybersecurity Snapshot: U.S., U.K. Governments Offer Advice on How To Build Secure AI Systems

Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)

CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE

Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild

Cybersecurity Snapshot: 6 Things That Matter Right Now

Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk

Product Newsletter July 2021

TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services

Stay Connected