Tenable – Page 15 – WindowsTechs.com

Patch Tuesday, November 2020 Edition

Posted on November 11, 2020 by BrianKrebs

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug. Continue reading Patch Tuesday, November 2020 Edition→

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Posted on October 16, 2020 by Zeljka Zorz

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cau… Continue reading Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)→

Tenable Lumin updates enable orgs to predict which vulnerabilities pose the greatest business risk

Posted on October 6, 2020 by Industry News

Tenable announced new Tenable Lumin innovations that empower customers to align business objectives with cybersecurity initiatives. The latest enhancements to the Cyber Exposure Management Platform enable organizations to predict which vulnerabilities … Continue reading Tenable Lumin updates enable orgs to predict which vulnerabilities pose the greatest business risk→

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Posted on September 24, 2020 by BrianKrebs

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest. Continue reading Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw→

WordPress Plugin Flaw Allows Attackers to Forge Emails

Posted on September 11, 2020 by Lindsey O'Donnell

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. Continue reading WordPress Plugin Flaw Allows Attackers to Forge Emails→

Microsoft Patch Tuesday, Sept. 2020 Edition

Posted on September 8, 2020 by BrianKrebs

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. Continue reading Microsoft Patch Tuesday, Sept. 2020 Edition→

September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again

Posted on September 8, 2020 by Zeljka Zorz

On this September 2020 Patch Tuesday: Microsoft has plugged 129 security holes, including a critical RCE flaw that could be triggered by sending a specially crafted email to an affected Exchange Server installation Adobe has delivered security updates … Continue reading September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again→

TikTok scrubs ads promoting diet pills, fake apps after Tenable report

Posted on September 3, 2020 by Jeff Stone

Silly scammers, TikTok is for kids. The video-sharing app, which claims some 49 million daily active users in the U.S., said Thursday it removed an array of advertisements from its central #ForYou page that marketed suspicious diet pills, fake mobile apps and other inauthentic services. The removal came after researchers from the security firm Tenable alerted TikTok about an ecosystem of promotions that aim to defraud users out of money, trick them into downloading shady apps or collect their personally identifiable information. Some ads promise to compensate users who download mobile apps and run those programs for three minutes, a tactic that allows attackers to subvert security controls. Other messaging masquerades as news articles, apparently from CNN or Fox News, that include celebrities marketing “free” weight loss pills. “Scammers see [TikTok] users as a means to an end – the goal is to prey on consumer insecurities and desires to […]

The post TikTok scrubs ads promoting diet pills, fake apps after Tenable report appeared first on CyberScoop.

Continue reading TikTok scrubs ads promoting diet pills, fake apps after Tenable report→

Potential Apache Struts 2 RCE flaw fixed, PoCs released

Posted on August 17, 2020 by Zeljka Zorz

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. About the vulner… Continue reading Potential Apache Struts 2 RCE flaw fixed, PoCs released→

Microsoft Patch Tuesday, August 2020 Edition

Posted on August 11, 2020 by BrianKrebs

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s … Continue reading Microsoft Patch Tuesday, August 2020 Edition→