Tenable Blog

New cybersecurity compliance rules passed by the European Parliament compel industrial organizations to finally confront the growing cyber threat.

On May 10, 2018, the Network and Information System (NIS) directive became law in the European Union. In it, operators of essential services (OES) and digital service providers (DSPs) are required to abide by certain newly enforced compliance edicts. 

In part one of our six-part blog series on improving your cybersecurity strategy, we discuss how the industry’s reliance on a hyper-compartmentalized approach is making everyone less secure, and we share the four key questions every CISO should able to answer.

Newly identified Xbash malware is targeting weak passwords and unpatched vulnerabilities on Linux and Windows systems to launch ransomware or cryptomining attacks.

Background

Unit 42, Palo Alto Network’s research team, recently blogged about a new malicious software (malware) family it’s calling Xbash. This newly identified malware targets Linux and Windows systems that have weak passwords and unpatched vulnerabilities.

Tenable Research has discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to remotely view feeds and tamper with recordings. On September 19, NUUO released version 3.9.1 to address the Peekaboo vulnerability. Affected users are urged to update their NVRMini2 devices as soon as possible. The update can be downloaded from their website here.

A researcher has discovered a cross-site scripting vulnerability caused by mishandling of a PHP header in Apache version 2.x. Upgrade PHP and review privileges for applications and services using it.