Tenable Blog

CISA warns that foreign threat actors from China and Iran are routinely targeting unpatched vulnerabilities across government agencies and U.S.-based networks.

Background

On September 14 and September 15, the Cybersecurity Infrastructure Security Agency (CISA) published two separate alerts detailing malicious activity from foreign threat actors:

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC).

Update: September 21, 2020: The ‘Identifying Affected Systems’ section has been updated to include instructions for our new unauthenticated check for Zerologon.

Update: October 02, 2020: The ‘Identifying Affected Systems’ section has been updated to highlight the release of the Zerologon scan template for Nessus and Tenable.io.

To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource Sharing

Today’s modern web applications rely heavily on JavaScript to be dynamic, and ensure the best experience for end-users. Providing content and data to the users often requires interactions with other web applications, which include cross-domain requests and an additional configuration step on the application side known as a Cross-Origin Resource Sharing (CORS) policy.

For the fourth month in a row, Microsoft patches over 120 CVEs, addressing 129 CVEs in its September release.

Update September 10, 2020: Updated the section for CVE-2020-16875 to account for a revision made by Microsoft to the description for this vulnerability.

Attackers have begun to target a vulnerability in a popular WordPress plugin with over 700,000 active installations, attempting to inject malicious code.

Update September 10, 2020: Updated the Title and Analysis sections of the blog to include the CVE identifier for this vulnerability, which was published to NVD on September 9.