Tenable Blog

VMware issued an advisory about two uninitialized stack memory usage bugs and has released patches and updates for some versions of the affected software.

Background

On November 9, VMware published a security advisory to address a Guest-to-Host Escape vulnerability affecting VMware ESXi, Workstation and Fusion. The vulnerability was discovered and released by a security researcher at GeekPwn 2018, an annual security conference in Shanghai, China which took place in late October 2018. The researcher reported the vulnerability to VMware through GeekPwn.

Tenable Research set out to provide organizations with the real-world data they need to take a threat-centric approach to vulnerability management.

Insight into the true state of cyber exposure - how defenders are actually acting - not how they think or say they are, has so far been difficult to discern.

Apache Software Foundation announces a security update for Apache Struts to address a vulnerability in the Commons FileUpload library that could lead to remote code execution. We recommend updating now.

A researcher has disclosed a buffer overflow vulnerability in Apple’s XNU operating system kernel that allows attackers on a local network to reboot Apple’s iOS and macOS devices and could potentially lead to remote code execution.

New DemonBot malware uses Apache Hadoop exploit also used by XBash to launch exploitation attempts at a rate of one million a day to facilitate widespread DDoS.