Microsoft May Madness

Microsoft May Madness

/
Patch Tuesday was anything but typical in the month of May. On May 8, Microsoft released security patches for a total of 67 vulnerabilities, addressing 21 critical vulnerabilities, 42 important and four low-severity, while Adobe addressed a critical flaw in Adobe Flash Player. This is a big push from Microsoft ... Read More
Critical Oracle WebLogic Server Flaw Still Not Patched

Critical Oracle WebLogic Server Flaw Still Not Patched

/
One of the many issues that should have been addressed by Oracle’s Critical Patch Update for April 2018 was a fix for a flaw affecting versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 of the Oracle WebLogic Server (WLS) Java Enterprise Edition (EE) application server. This vulnerability, which has been assigned CVE-2018-2628 ... Read More
Cyber Actors Targeting Network Infrastructure Devices – What You Need to Know

Cyber Actors Targeting Network Infrastructure Devices – What You Need to Know

/
Based on the recent surge of attacks on network devices by Russian state-sponsored cyber actors, the US-CERT has released Technical Alert (TA18-106A). As of now, targets being attacked are primarily government and private-sector organizations, critical infrastructure providers and the internet service providers (ISPs) that support U.S. infrastructure. Tenable has warned ... Read More
Critical Drupal Core Vulnerability: What You Need to Know

Critical Drupal Core Vulnerability: What You Need to Know

Drupal is popular, free and open-source content management software. On March 28, the Drupal security team released patches for CVE-2018-7600, an unauthenticated remote code execution vulnerability in Drupal core. The vulnerability affects Drupal versions 6, 7 and 8. Patches have been released for versions 7.x, 8.3.x, 8.4.x and 8.5.x. No ... Read More
SamSam Ransomware: How to Identify and Mitigate the Risk

SamSam Ransomware: How to Identify and Mitigate the Risk

As many news outlets have reported, Atlanta is recovering from an attack on its city computers that occurred on the morning of March 22. Initial reports stated and later confirmed that SamSam ransomware, also known as Samas and SamSamCrypt, was at play. SamSam ransomware exploits older, unpatched JBoss system and ... Read More
Patching Makes Perfect

Patching Makes Perfect

/
Malware and ransomware are a big topic these days, especially with the recent releases of WannaCry and Petya variants.Typically, when I read about new malware my first thought is, “How can I stop the infection from happening in the first place?” Tenable.io™, the first Cyber Exposure platform, answers that question ... Read More