Spectre And Meltdown Still Haunting Intel/AMD
May 22, 2018
The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) and Microsoft, the new variants affect everything from desktops, laptops...
May Vulnerability of the Month: Java Deserialization Everywhere
May 18, 2018
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the mo...
Advisory: Red Hat DHCP Client Command Injection Trouble
May 17, 2018
On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerabi...
Advisory: Efail...PGP Has an Email Problem?
May 14, 2018
Email continues to be one of the most popular ways to communicate in the world today. And given the rapidly evolving threat landscape, email encryption has never been more critical. Pretty Good Privac...
Advisory: Intel...Simply Misunderstood?
May 11, 2018
To close numerous security gaps, Microsoft, Adobe, Apple, Red Hat, Xen, VMware and other vendors have released a number of patches in the first 10 days of May. We discussed some of these in our recent...
Tenable Research: April Vulnerability Disclosure Roundup
May 11, 2018
Tenable Research has a dedicated team that performs vulnerability research on software and hardware fro...
Microsoft May Madness
May 9, 2018
Patch Tuesday was anything but typical in the month of May. On May 8, Microsoft released security patches for a total of 67 vulnerabilities, addressing 21 critical vulnerabilities, 42 important and fo...
Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability
May 2, 2018
Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. The applications contain an overflow condi...
Critical Oracle WebLogic Server Flaw Still Not Patched
May 1, 2018
One of the many issues that should have been addressed by Oracle’s Critical Patch Update for April 2018 was a fix for a flaw affecting versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 of the O...
Why Are You Still Using IE? Double Kill Is Just the Latest Issue
April 27, 2018
[UPDATE] When we released this warning over a week ago, we suspected it might gain traction and become a bigger issue. As expected, Microsoft addressed this vulnerability on Patch Tuesday. Of the many...
April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability
April 27, 2018
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the mo...
Cyber Exposure Meets Political Practicality
April 24, 2018
CyberScoop’s Opportunities for Improving Cybersecurity Visibility at State & Local Government Agencies is an outstanding summary of the current state of cyber preparedness in state and local...