Tenable

NOVEMBER 4, 2020

SaltStack recommends immediate patching after their disclosure of three new vulnerabilities, two of which are rated critical and can be remotely exploited without authentication.". CVE-2020-16846 is a critical shell injection vulnerability in the netapi Salt SSH client. Background. Image Source: SaltStack Github Repository.

Authentication 106

Authentication Software Review Systems Review Analysis 106

Tenable

MAY 3, 2020

Salt utilizes a “master” server that controls agents known as “minions" that collect data for the system and carries out tasks. CVE-2020-11651 is an authentication bypass in two methods of the ClearFuncs class. CVE-2020-11652 is a directory traversal security flaw in the “wheel” module that is used to read and write files.

Technical Advisors 106

Technical Advisors Open Source Software Review Systems Review 106

Tenable

SEPTEMBER 8, 2020

Microsoft patched 129 CVEs in the September 2020 Patch Tuesday release, including 23 CVEs rated critical. CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1460 | Microsoft SharePoint Remote Code Execution Vulnerability.

Software Review 115

Software Review Systems Review Windows Internet 115

Tenable

DECEMBER 8, 2020

The final Patch Tuesday of 2020 includes fixes for 58 CVEs, including workaround details for a severe vulnerability in Windows DNS Resolver called SAD DNS. Microsoft patched 58 CVEs in the December 2020 Patch Tuesday release, including 9 CVEs rated as critical. CVE-2020-25705 | Windows DNS Resolver Spoofing Vulnerability.

Software Review 108

Software Review Windows Systems Review Azure 108

Tenable

SEPTEMBER 10, 2020

PAN-OS devices that have enabled the captive portal or multi-factor authentication features are vulnerable to a critical buffer overflow flaw. On September 9, Palo Alto Networks (PAN) published nine security advisories for a series of vulnerabilities affecting PAN-OS , a custom operating system (OS) found in PAN’s next-generation firewalls.

Software Review 112

Software Review Systems Review Authentication Firewall 112

Tenable

JANUARY 2, 2020

Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities. A total of 12 vulnerabilities were found and reported to Cisco, 11 of which were discovered by Steven Seeley of Source Incite. (@steventseeley) January 2, 2020. steventseeley) January 2, 2020.

Data Center 19

Data Center Authentication Network Software Review 19

Tenable

APRIL 8, 2021

In March 2021, the FBI and CISA observed APT actors scanning and enumerating publicly accessible Fortinet systems over ports 4443, 8443 and 10443. The agencies believe these APT actors are gathering a list of vulnerable systems in both the public and private sectors in preparation for future attacks. CVE-2020-12812.

Authentication 111

Authentication Systems Review Research Groups 111

TechCrunch

OCTOBER 19, 2021

BluePallet was founded in 2020 through the merger of then three-year-old chemical marketplace EchoSystem and Velloci, a fintech company. trillion industry in 2020. and Bruce Schechinger, former chairman of the National Association of Chemical Distributors. . Image Credits: CEO Scott Barrows / BluePallet.

Chemicals 240

Chemicals Industry Technical Review Fintech 240

Tenable

MARCH 6, 2020

pppd is a daemon on Unix-like operating systems used to manage PPP session establishment and session termination between two nodes. CVE-2020-8597 is a buffer overflow vulnerability in pppd due to a logic flaw in the packet processor of the Extensible Authentication Protocol (EAP). RHSA-2020:0631. RHSA-2020:0630.

Software Review 104

Software Review Systems Review Linux Authentication 104

Tenable

OCTOBER 13, 2020

Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 CVEs rated critical. CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability. CVE-2020-16898 , dubbed “Bad Neighbor,” is a critical remote code execution (RCE) vulnerability within the Windows TCP/IP stack.

Windows 106

Windows Software Review Systems Review Advertising 106

Tenable

FEBRUARY 11, 2020

Microsoft addresses a staggering 99 CVEs in the February 2020 Patch Tuesday release. CVE-2020-0673 and CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability. CVE-2020-0674 was first noted as being exploited in the wild in January , where Microsoft released an out-of-band advisory ( ADV200001 ).

Internet 108

Internet Software Review Windows Systems Review 108

Tenable

MAY 12, 2020

Microsoft addressed 111 CVEs in the May 2020 Patch Tuesday release, just short of the 113 CVEs seen in April. CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability. CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability. dll due to how objects are handled in memory.

Software Review 101

Software Review Systems Review Windows Transportation 101

ParkMyCloud

MAY 22, 2020

Based on recent recommendations given by experts in the field, we’ve put together this list of 10 of the best practices for 2020 to help you fully utilize and optimize your Azure environment. Vitor Montalvao, Azure Cost Optimization Best Practices , March 6, 2020. Robert Lyon, Best practices for Azure RBAC , April 17, 2020.

Azure 104

Azure Serverless Authentication Cloud 104

Tenable

SEPTEMBER 14, 2020

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). The blog post contains a whitepaper explaining the full impact and execution of the vulnerability, identified as CVE-2020-1472 , which received a CVSSv3 score of 10.0, Background.

Windows 118

Windows LAN Backup Authentication 118

Tenable

JULY 14, 2020

CVE-2020-6287 is caused by a complete lack of authentication in the SAP NetWeaver AS Java’s LM Configuration Wizard. An attacker could gain access to adm , the operating system user that has “unlimited access to all local resources related to SAP systems.” Publicly accessible NetWeaver AS JAVA systems.

Applications 100

Applications Software Review Systems Review Authentication 100

Tenable

NOVEMBER 10, 2020

Microsoft patched 112 CVEs in the November 2020 Patch Tuesday release, including 17 CVEs rated as critical. CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system.

Windows 106

Windows Software Review Azure Systems Review 106

The Citus Data

JULY 28, 2020

SCRAM with channel binding is a variation of password authentication that is almost as easy to use, but much more secure. In basic password authentication, the connecting client simply sends the server the password. Basic password authentication has several weaknesses which are addressed with SCRAM and channel binding.

Authentication 107

Authentication How To Data Systems Review 107

TechCrunch

SEPTEMBER 23, 2021

The sizable seed round from strong investors is due to a few factors. With a lot of that experience covering payment systems based on cards and card networks, it was the perfect knowledge bank for understanding why open banking was such an important innovation, and why it had an opportunity to disrupt a lot of what’s in place today.

Banking 207

Banking Authentication Fintech Systems Review 207

Tenable

OCTOBER 21, 2020

On October 20, Oracle released the Critical Patch Update (CPU) Advisory for October 2020 , its final quarterly release of security patches for the year. This quarter’s update marks the second-highest count in Oracle CPUs, surpassed only by the July 2020 update which holds the record with over 440 patches. Notable Vulnerabilities.

Systems Review 103

Systems Review Applications Construction Insurance 103

PowerSchool

AUGUST 11, 2020

School closures due to COVID-19 have exposed issues like fragmented systems that don’t share data, hybrid schedule and attendance obstacles when juggling both in-class and online learning, adjustments to grading configurations mid-term, and more. What is a student information system and why is it important?

Systems Review 98

Systems Review System Disaster Recovery Backup 98

TechCrunch

DECEMBER 15, 2022

Seeking to bring greater security to AI systems, Protect AI today raised $13.5 Protect AI claims to be one of the few security companies focused entirely on developing tools to defend AI systems and machine learning models from exploits. Swanson suggests internal-use authentication tokens and other credentials, for one.

Machine Learning 223

Machine Learning Artificial Inteligence Software Review Systems Review 223

Tenable

OCTOBER 27, 2023

A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Analysis CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE).

Authentication 77

Authentication Software Review Technical Review Systems Review 77

Firemon

MAY 30, 2020

Credentials need to be authenticated in context with other factors, such as geolocation, IP address, time zones, etc. Privileged access needs to reviewed regularly – for instance, during COVID-19 work-from-home restrictions, IP addresses and geolocations are going to be out of the norm. Tool interoperability shortcomings.

Network 105

Network Firewall Systems Review Software Review 105

Tenable

AUGUST 5, 2021

Pulse Secure has patched CVE-2021-22937, a patch bypass for CVE-2020-8260, in its Connect Secure products. Richard Warren with NCC Group has published a technical advisory for this flaw, explaining it is a patch bypass for CVE-2020-8260 which he disclosed in October 2020. Identifying affected systems. Background.

Software Review 122

Software Review Technical Review Authentication Systems Review 122

Tenable

JULY 6, 2020

Domain Name System (DNS). CVE-2020-5902 is a critical vulnerability in the BIG-IP Traffic Management User Interface (TMUI) also known as the Configuration Utility. The advisory states that the vulnerability could also “result in complete system compromise.”. Ben Goerz (@bengoerz) July 4, 2020. Link Controller.

Software Review 99

Software Review Technical Review Systems Review Research 99

Tenable

APRIL 27, 2020

According to Sophos, they were able to identify “an attack against physical and virtual XG Firewall units” after reviewing the report of a “suspicious field value” in the XG Firewall’s management interface. Sophos Firewall Operating System. Sophos Firewall Operating System. Sophos Firewall Operating System.

Firewall 102

Firewall WAN Operating System Systems Review 102

Tenable

JUNE 25, 2024

Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. Analysis CVE-2024-5806 is an authentication bypass vulnerability affecting the SSH File Transfer Protocol (SFTP) module in Progress MOVEit Transfer. before 2023.0.11 before 2023.1.6 before 2024.0.2

Authentication 72

Authentication Security Technical Review Software Review 72

Trigent

NOVEMBER 24, 2021

To deal with the disruptions caused due to the pandemic, organizations are now dependent on a highly available and scalable Electronic Data Interchange (EDI) more than ever before. during the forecast period 2020-2027. Why modernize your EDI system? Incorporate flexibility to scale with Modern EDI system architecture.

Systems Review 97

Systems Review System B2B Technical Review 97

Tenable

JUNE 16, 2020

Tenable Research discovered multiple vulnerabilities in Plex Media Server, a popular media streaming and sharing service, that could allow attackers to gain full system privileges and access to personal files. This type of service is very popular as people are homebound due to public health orders. CVE-2020-5742. CVE-2020-5741.

Media 99

Media Research Systems Review Software Review 99

Tenable

NOVEMBER 5, 2020

CVE-2020-14871 is a critical pre-authentication stack-based buffer overflow vulnerability in the Pluggable Authentication Module (PAM) in Oracle Solaris. PAM is a dynamic authentication component that was integrated into Solaris back in 1997 as part of Solaris 2.6. Hacker Fantastic (@hackerfantastic) November 3, 2020.

Authentication 77

Authentication Research Software Review Systems Review 77

Codegiant

JULY 18, 2020

The Complete Review [2020] I’ve created this “BitBucket vs GitHub” content piece to help you make a better decision when picking between the two. It boasts features like highlighted code comments and code reviews so you can easily enhance your software build by effectively communicating with your teammates. GitHub code reviews.

Software Review 59

Software Review Technical Review Systems Review UI/UX 59

TechCrunch

MARCH 12, 2021

Do you expect to see a surge in more founders coming from geographies outside major cities in the years to come, with startup hubs losing people due to the pandemic and lingering concerns, plus the attraction of remote work? Automation, AI, enabling remote, authentication. Huge potential. What’s your latest, most exciting investment?

Technical Review 272

Technical Review Software Review Systems Review Travel 272

Kaseya

MAY 18, 2020

However, this year’s 2020 MSP Benchmark Survey Results Report revealed that most of the needs of MSP customers seemed to go unheeded. whether it’s due to the lack of in-house expertise or the general lack of understanding of the business model?—MSPs These days, IT system failure or downtime can cost businesses millions.

Disaster Recovery 120

Disaster Recovery Backup Survey Compliance 120

Tenable

APRIL 12, 2024

Background On April 12, Palo Alto Networks released a security advisory for a critical command injection vulnerability affecting PAN-OS, the custom operating system (OS) Palo Alto Networks (PAN) uses in their next-generation firewalls. Affected Version Hotfix Release Version Expected Release Date PAN-OS 10.2 prior to 10.2.9-h1

Network 122

Network Firewall Software Review Systems Review 122

Tenable

MARCH 11, 2021

F5 releases patches for multiple vulnerabilities in BIG-IP and BIG-IQ, including a critical remote command execution flaw that does not require authentication and is likely to attract exploits in the near future. All four vulnerabilities require an attacker to be authenticated to the vulnerable system in order to exploit these flaws.

Software Review 100

Software Review Systems Review Authentication Policies 100

Tenable

OCTOBER 2, 2023

An unauthenticated (or pre-authenticated) attacker could exploit this vulnerability by sending a specially crafted POST request to a vulnerable WS_FTP Server. Successful exploitation would grant an attacker the ability to achieve remote command execution on the underlying operating system of the WS_FTP Server.

Software Review 125

Software Review Software Systems Review Authentication 125

Kaseya

NOVEMBER 9, 2020

Cybersecurity affects the everyday lives of most IT practitioners and IT leaders worldwide, with more than 50 percent of them citing “Improving IT Security” as a top priority in 2021 as per our 2020 IT Operations Survey Results Report. Two-Factor Authentication (2FA). Moreover, only about 45 percent have automated patch management.

Disaster Recovery 110

Disaster Recovery Backup Artificial Inteligence Technical Review 110