Oracle JavaVM Database Takeover
August 15, 2018 | A new vulnerability discovered in the Oracle Database JavaVM component can result in complete database compromise and shell access to the underlying server. Background Oracle released an out-of...
Foreshadow: Speculative Execution Attack Targets Intel SGX
August 14, 2018 | A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege escalation....
Faxsploit Allows Remote Code Execution Through HP All-in-One Printers
August 14, 2018 | A new exploit demonstrated by Checkpoint Research at DEF CON last week leverages vulnerabilities in all-in-one printers, potentially allowing attackers to take control of other devices on the network....
Underminer Exploit Kit: How Tenable Can Help
July 31, 2018 | The “Underminer” exploit kit is having widespread impact in Asian countries, particularly Japan. Thankfully, mitigation is relatively simple and involves patching and other well-known security best pr...
Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite
July 21, 2018 | Cisco’s Policy Suite for Mobile controls billing and access control for customer devices. Root access to this suite is concerning because of the breadth of user device access. The latest batch of ...
Cisco ASA Exploited in the Wild; FXOS, NX-OS Get High-Priority Patches
June 26, 2018 | Cisco released a high-severity patch update for CVE-2018-0296 on June 22 which affects the Adaptive Security Appliance (ASA). There’s no time to waste in deploying this patch, as the company’...
Apple Code-Signing Flaw: Developers Beware
June 13, 2018 | Okta’s Research and Exploitation team released details on June 12 about an issue with third-party code-signing validation using Apple’s APIs. The flaw, which dates back to 2005, makes it p...
Critical Cisco Secure Access Control System (ACS) Vulnerability
June 8, 2018 | Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the...
Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability
June 7, 2018 | The Adobe Flash Player is widely adopted and a choice target for attackers given its history with vulnerabilities and the potential footprint exploits can have. Adobe consistently provides security up...
Zip Slip Critical Archive Extraction Vulnerability
June 6, 2018 | Yesterday, the Snyk Security team released information about a widespread archive extraction vulnerability known as Zip Slip. Zip Slip allows cyberattackers to write arbitrary files on the system, pot...
Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability
May 2, 2018 | Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. The applications contain an overflow condi...
Critical Oracle WebLogic Server Flaw Still Not Patched
May 1, 2018 | One of the many issues that should have been addressed by Oracle’s Critical Patch Update for April 2018 was a fix for a flaw affecting versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 of the O...