Oracle Critical Patch Update for October 2020 Addresses 402 Security Updates
October 21, 2020: Oracle’s latest Critical Patch Update surpasses the 400 mark for the second time this year with 402 security patches addressing 230 CVEs, including numerous critical vulnerabilities in Oracle Fusion M...
Writing Security Advisories: 5 Best Practices For Vendors
October 15, 2020: To maximize the impact of your security advisories, here are some key steps vendors can take to support automated workflows and timely remediation efforts. Over the years we’ve seen every variat...
Microsoft’s October 2020 Patch Tuesday Addresses 87 CVEs including “Bad Neighbor” Windows TCP/IP Vulnerability (CVE-2020-16898)
October 13, 2020: For the first time in seven months, Microsoft patches less than 100 CVEs, addressing 87 CVEs in its October release. Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 ...
New to Chatbots? Understand Your Security Risk
September 30, 2020: With the increasing use of chatbots as a frontline tool for businesses, organizations need to take a closer look at the security of such services and include them in their threat model. Chatbots are ...
US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
September 17, 2020: CISA warns that foreign threat actors from China and Iran are routinely targeting unpatched vulnerabilities across government agencies and U.S.-based networks. Background On September 14 and Septemb...
Understanding Cross-Origin Resource Sharing Vulnerabilities
September 11, 2020: To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource Sharing. Today’s modern web applications rely hea...
Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs
September 8, 2020: For the fourth month in a row, Microsoft patches over 120 CVEs, addressing 129 CVEs in its September release. Update September 10, 2020: Updated the section for CVE-2020-16875 to account for a revisi...
TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with Dubious Apps, Products and Services
September 3, 2020: TikTok’s popular “#ForYou” page has become a habitat for scammers peddling fake mobile applications, diet pills, drop-shipped goods, fake gift cards and more. The fate of TikTok’s operations in the U....
CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin
September 1, 2020: Tenable Research discovers multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Background On September 1, we published TRA-202...
Ripple20: More Vulnerable Devices Discovered, Including New Vendors
August 4, 2020: A partnership between Tenable and JSOF continues to uncover additional devices vulnerable to Ripple20. Update September 9, 2020: The Affected Vendors section has been updated based on feedback from v...
Microsoft’s July 2020 Patch Tuesday Addresses 123 CVEs Including Wormable Windows DNS Server RCE (CVE-2020-1350) (SIGRed)
July 14, 2020: Microsoft addresses 123 CVEs, including CVE-2020-1350, a wormable remote code execution vulnerability in Windows DNS Server dubbed “SIGRed.” For the fifth month in a row, Microsoft has patched over 1...
Tenable Research Discloses Multiple Vulnerabilities in Plex Media Server
June 16, 2020: Tenable Research discovered multiple vulnerabilities in Plex Media Server, a popular media streaming and sharing service, that could allow attackers to gain full system privileges and access to person...