Tenable Blog

Clement Lecigne of Google’s Threat Analysis Group has reported exploitation of an Internet Explorer vulnerability, CVE-2018-8653, prompting an out-of-band patch from Microsoft.

Background

On December 19, Microsoft released a critical out-of-band (OOB) patch for a remote code execution (RCE) vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE including Windows 7, Windows 8.1, Windows 10, Windows Server 2008 (Internet Explorer 9), Windows Server 2012 (Internet Explorer 10), Windows Server 2016 and Windows Server 2019.

Researchers disclosed a remote code execution vulnerability in SQLite affecting Google Chromium-based browsers as well as the Google Home smart speaker.

Background

On December 14, researchers from Tencent’s Blade Team published an advisory regarding their discovery of “Magellan,” a remote code execution vulnerability in SQLite.

Tenable Research investigates compliance standards for EHR applications in the US healthcare industry and discusses possible gaps in the coverage of these standards. Real world examples are provided to demonstrate potential security impact.

In the wake of new compliance guidelines, now is the time for critical infrastructure organizations to upgrade their industrial security posture.

National security for any nation depends on the reliability and continuous operations of its critical infrastructure. Increased complexity and connectivity of critical infrastructure systems are exposing them to cybersecurity threats which put their safety and reliability at risk.

Patches are available for a critical privilege escalation flaw (CVE-2018-1002105) in the open-source container orchestration system, Kubernetes.

Background

On December 3, details about a privilege escalation vulnerability in Kubernetes, the popular open source container orchestration system, were publicly disclosed by the Kubernetes team. Kubernetes is used to automate the deployment, scaling, and management of containerized applications.