Tenable Blog

Critical unpatched “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3), dubbed EternalDarkness, disclosed by Microsoft.

Update 03/13/2020: The Proof-of-concept section has been updated to reflect the public availability of an exploit script that can trigger a crash on a vulnerable system.

When it comes to automotive manufacturing, industrial control systems (ICS) may be the weak link inviting new types of attacks. Here’s what you need to know.

Auto manufacturing has become an increasingly popular target today for industrial cyberattacks. Since 2016, the number of annual incidents has increased by 605%, with incidents more than doubling in 2019 alone.¹ One reason – advances and changes in OT have opened up new attack vectors and surfaces. 

Multiple widely used Linux distributions are impacted by a critical flaw that has existed in pppd for 17 years.

Background

On March 4, researchers at the CERT Coordination Center (CERT/CC) published vulnerability note #782301 for a critical vulnerability in the Point-to-Point Protocol Daemon (pppd) versions 2.4.2 through 2.4.8, with disclosure credited to Ilja van Sprundel of IOActive.

At Tenable, we like to say, “What we do matters.” This commitment doesn’t only apply to our cybersecurity solutions, but also our culture. We care about what we do, each other and the communities we serve.

Last year, I cofounded Tenable’s first-ever Diversity and Inclusion Council, which brings together company leaders who believe in creating an environment that:

The year 2020 is shaping up to be a pivotal one for the U.S. Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program as it takes significant steps toward realizing the program vision of empowering federal agencies to make informed cybersecurity risk decisions and fix their worst problems first.