Tenable

SEPTEMBER 1, 2020

On September 1, we published TRA-2020-51 , a Tenable Research Advisory for two vulnerabilities in the Magento Mass Import (MAGMI) plugin. CVE-2020-5776 is a cross-site request forgery (CSRF) vulnerability in MAGMI for Magento. CVE-2020-5777 is an authentication bypass vulnerability in MAGMI for Magento version 0.7.23

PHP 111

PHP Authentication Software Review Systems Review 111

Tenable

MARCH 17, 2020

CVE-2020-8467 is a vulnerability in Apex One and OfficeScan in a component of a migration tool. A remote, authenticated attacker could exploit this vulnerability and gain arbitrary code execution on affected Apex One and OfficeScan installations. Identifying affected systems. Multiple vulnerabilities exploited in the wild.

Trends 105

Trends Software Review Systems Review Authentication 105

Tenable

DECEMBER 8, 2020

The final Patch Tuesday of 2020 includes fixes for 58 CVEs, including workaround details for a severe vulnerability in Windows DNS Resolver called SAD DNS. Microsoft patched 58 CVEs in the December 2020 Patch Tuesday release, including 9 CVEs rated as critical. CVE-2020-25705 | Windows DNS Resolver Spoofing Vulnerability.

Software Review 108

Software Review Windows Systems Review Azure 108

Tenable

MAY 3, 2020

Salt utilizes a “master” server that controls agents known as “minions" that collect data for the system and carries out tasks. CVE-2020-11651 is an authentication bypass in two methods of the ClearFuncs class. CVE-2020-11652 is a directory traversal security flaw in the “wheel” module that is used to read and write files.

Technical Advisors 105

Technical Advisors Open Source Software Review Systems Review 105

Tenable

MAY 5, 2022

CVE-2022-1388: Authentication Bypass in F5 BIG-IP. F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution. The Security Response Team included CVE-2020-5902 among its top 5 vulnerabilities in the 2020 Threat Landscape Retrospective due to the scope of exploitation.

Authentication 52

Authentication Software Review Systems Review Hardware 52

Kaseya

APRIL 15, 2020

Here are the top 10 cybersecurity threats businesses face in 2020: Phishing Attacks. 1 This number, however, is likely to increase in 2020, with phishing attempts now being launched through cloud applications as opposed to traditional emails. 2020 will see the emergence of highly sophisticated and targeted ransomware attacks.

Malware 136

Malware Software Review Artificial Inteligence Systems Review 136

Tenable

SEPTEMBER 8, 2020

Microsoft patched 129 CVEs in the September 2020 Patch Tuesday release, including 23 CVEs rated critical. CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1460 | Microsoft SharePoint Remote Code Execution Vulnerability.

Software Review 115

Software Review Systems Review Windows Internet 115

Tenable

APRIL 8, 2021

In March 2021, the FBI and CISA observed APT actors scanning and enumerating publicly accessible Fortinet systems over ports 4443, 8443 and 10443. The agencies believe these APT actors are gathering a list of vulnerable systems in both the public and private sectors in preparation for future attacks. CVE-2020-12812.

Authentication 110

Authentication Systems Review Research Groups 110

Tenable

SEPTEMBER 10, 2020

PAN-OS devices that have enabled the captive portal or multi-factor authentication features are vulnerable to a critical buffer overflow flaw. On September 9, Palo Alto Networks (PAN) published nine security advisories for a series of vulnerabilities affecting PAN-OS , a custom operating system (OS) found in PAN’s next-generation firewalls.

Software Review 112

Software Review Systems Review Authentication Firewall 112

Tenable

OCTOBER 13, 2020

Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 CVEs rated critical. CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability. CVE-2020-16898 , dubbed “Bad Neighbor,” is a critical remote code execution (RCE) vulnerability within the Windows TCP/IP stack.

Windows 106

Windows Software Review Systems Review Advertising 106

Tenable

MAY 12, 2020

Microsoft addressed 111 CVEs in the May 2020 Patch Tuesday release, just short of the 113 CVEs seen in April. CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability. CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability. dll due to how objects are handled in memory.

Software Review 101

Software Review Systems Review Windows Transportation 101

Tenable

MARCH 6, 2020

pppd is a daemon on Unix-like operating systems used to manage PPP session establishment and session termination between two nodes. CVE-2020-8597 is a buffer overflow vulnerability in pppd due to a logic flaw in the packet processor of the Extensible Authentication Protocol (EAP). RHSA-2020:0631. RHSA-2020:0630.

Software Review 104

Software Review Systems Review Linux Authentication 104

Tenable

JULY 14, 2020

CVE-2020-6287 is caused by a complete lack of authentication in the SAP NetWeaver AS Java’s LM Configuration Wizard. An attacker could gain access to adm , the operating system user that has “unlimited access to all local resources related to SAP systems.” Publicly accessible NetWeaver AS JAVA systems.

Applications 100

Applications Software Review Systems Review Authentication 100

ParkMyCloud

MAY 22, 2020

Based on recent recommendations given by experts in the field, we’ve put together this list of 10 of the best practices for 2020 to help you fully utilize and optimize your Azure environment. Vitor Montalvao, Azure Cost Optimization Best Practices , March 6, 2020. Robert Lyon, Best practices for Azure RBAC , April 17, 2020.

Azure 104

Azure Serverless Authentication Cloud 104

Tenable

NOVEMBER 10, 2020

Microsoft patched 112 CVEs in the November 2020 Patch Tuesday release, including 17 CVEs rated as critical. CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system.

Windows 106

Windows Software Review Azure Systems Review 106

Tenable

FEBRUARY 11, 2020

Microsoft addresses a staggering 99 CVEs in the February 2020 Patch Tuesday release. CVE-2020-0673 and CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability. CVE-2020-0674 was first noted as being exploited in the wild in January , where Microsoft released an out-of-band advisory ( ADV200001 ).

Internet 107

Internet Software Review Windows Systems Review 107

Codegiant

JULY 18, 2020

The Complete Review [2020] I’ve created this “BitBucket vs GitHub” content piece to help you make a better decision when picking between the two. It boasts features like highlighted code comments and code reviews so you can easily enhance your software build by effectively communicating with your teammates. GitHub code reviews.

Software Review 59

Software Review Technical Review Systems Review UI/UX 59

The Citus Data

JULY 28, 2020

SCRAM with channel binding is a variation of password authentication that is almost as easy to use, but much more secure. In basic password authentication, the connecting client simply sends the server the password. Basic password authentication has several weaknesses which are addressed with SCRAM and channel binding.

Authentication 107

Authentication How To Data Systems Review 107

Tenable

OCTOBER 21, 2020

On October 20, Oracle released the Critical Patch Update (CPU) Advisory for October 2020 , its final quarterly release of security patches for the year. This quarter’s update marks the second-highest count in Oracle CPUs, surpassed only by the July 2020 update which holds the record with over 440 patches. Notable Vulnerabilities.

Systems Review 103

Systems Review Applications Construction Insurance 103

Tenable

SEPTEMBER 14, 2020

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). The blog post contains a whitepaper explaining the full impact and execution of the vulnerability, identified as CVE-2020-1472 , which received a CVSSv3 score of 10.0, Background.

Windows 117

Windows LAN Backup Authentication 117

PowerSchool

AUGUST 11, 2020

School closures due to COVID-19 have exposed issues like fragmented systems that don’t share data, hybrid schedule and attendance obstacles when juggling both in-class and online learning, adjustments to grading configurations mid-term, and more. What is a student information system and why is it important?

Systems Review 98

Systems Review System Disaster Recovery Backup 98

Tenable

AUGUST 28, 2024

The second bug involves the assumption that filenames used within the system were system-generated and therefore trustworthy. An attacker can exploit these two bugs to execute remote shell commands without any prior authentication.

Software Review 73

Software Review Organization Technical Review Systems Review 73

Trigent

NOVEMBER 24, 2021

To deal with the disruptions caused due to the pandemic, organizations are now dependent on a highly available and scalable Electronic Data Interchange (EDI) more than ever before. during the forecast period 2020-2027. Why modernize your EDI system? Incorporate flexibility to scale with Modern EDI system architecture.

Systems Review 97

Systems Review System B2B Technical Review 97

Tenable

NOVEMBER 5, 2020

CVE-2020-14871 is a critical pre-authentication stack-based buffer overflow vulnerability in the Pluggable Authentication Module (PAM) in Oracle Solaris. PAM is a dynamic authentication component that was integrated into Solaris back in 1997 as part of Solaris 2.6. Hacker Fantastic (@hackerfantastic) November 3, 2020.

Authentication 76

Authentication Research Software Review Systems Review 76

Palo Alto Networks

OCTOBER 2, 2024

This system is popular across highly regulated industries and government agencies, such as critical infrastructure providers, healthcare institutions and even government bodies. A large number of systems containing this vulnerability were exposed to the internet. The vulnerability was rated a critical 9.8

Weak Development Team 106

Weak Development Team Software Review Malware Systems Review 106

Tenable

JULY 6, 2020

Domain Name System (DNS). CVE-2020-5902 is a critical vulnerability in the BIG-IP Traffic Management User Interface (TMUI) also known as the Configuration Utility. The advisory states that the vulnerability could also “result in complete system compromise.”. Ben Goerz (@bengoerz) July 4, 2020. Link Controller.

Software Review 99

Software Review Technical Review Systems Review Research 99

Tenable

DECEMBER 8, 2020

The vulnerability was disclosed by the NSA to VMware, which published details in a security advisory, VMSA-2020-0027.2 , on November 23. CVE-2020-4066 is a command injection vulnerability in the administrative configurator component in certain versions of VMware products. Exploiting CVE-2020-4006 to access protected data.

Linux 66

Linux Software Review Systems Review Windows 66

Tenable

JUNE 5, 2024

An advisory from Rockwell Automation reiterates the importance of disconnecting operational technology devices with public-facing internet access and patching and mitigating systems vulnerable to several flaws. This need also came at the cost of expanding the attack surface , which included the provisioning of OT systems for remote access.

Internet 69

Internet Software Review Systems Review Technical Review 69

Firemon

MAY 30, 2020

Credentials need to be authenticated in context with other factors, such as geolocation, IP address, time zones, etc. Privileged access needs to reviewed regularly – for instance, during COVID-19 work-from-home restrictions, IP addresses and geolocations are going to be out of the norm. Tool interoperability shortcomings.

Network 105

Network Firewall Systems Review Software Review 105

Tenable

AUGUST 5, 2021

Pulse Secure has patched CVE-2021-22937, a patch bypass for CVE-2020-8260, in its Connect Secure products. Richard Warren with NCC Group has published a technical advisory for this flaw, explaining it is a patch bypass for CVE-2020-8260 which he disclosed in October 2020. Identifying affected systems. Background.

Software Review 121

Software Review Technical Review Authentication Systems Review 121

Tenable

APRIL 27, 2020

According to Sophos, they were able to identify “an attack against physical and virtual XG Firewall units” after reviewing the report of a “suspicious field value” in the XG Firewall’s management interface. Sophos Firewall Operating System. Sophos Firewall Operating System. Sophos Firewall Operating System.

Firewall 101

Firewall WAN Operating System Systems Review 101

Tenable

APRIL 12, 2024

Background On April 12, Palo Alto Networks released a security advisory for a critical command injection vulnerability affecting PAN-OS, the custom operating system (OS) Palo Alto Networks (PAN) uses in their next-generation firewalls. Affected Version Hotfix Release Version Expected Release Date PAN-OS 10.2 prior to 10.2.9-h1

Network 121

Network Firewall Software Review Systems Review 121

Tenable

OCTOBER 18, 2023

When configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Successful exploitation allows the attacker to bypass multifactor authentication (MFA) requirements. NDcPP Prior to 12.1-55.300

Systems Review 70

Systems Review Software Review Authentication Virtualization 70

TechCrunch

DECEMBER 15, 2022

Seeking to bring greater security to AI systems, Protect AI today raised $13.5 Protect AI claims to be one of the few security companies focused entirely on developing tools to defend AI systems and machine learning models from exploits. Swanson suggests internal-use authentication tokens and other credentials, for one.

Machine Learning 223

Machine Learning Artificial Inteligence Software Review Systems Review 223

TechCrunch

OCTOBER 19, 2021

BluePallet was founded in 2020 through the merger of then three-year-old chemical marketplace EchoSystem and Velloci, a fintech company. trillion industry in 2020. and Bruce Schechinger, former chairman of the National Association of Chemical Distributors. . Image Credits: CEO Scott Barrows / BluePallet.

Chemicals 240

Chemicals Industry Technical Review Fintech 240

Tenable

OCTOBER 2, 2023

An unauthenticated (or pre-authenticated) attacker could exploit this vulnerability by sending a specially crafted POST request to a vulnerable WS_FTP Server. Successful exploitation would grant an attacker the ability to achieve remote command execution on the underlying operating system of the WS_FTP Server.

Software Review 124

Software Review Software Systems Review Authentication 124

Tenable

OCTOBER 22, 2024

CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability Remote Code Execution Exploited Zero-Day Local Stuxnet High 2010 Why it’s significant: Regarded as one of the most sophisticated cyberespionage tools ever created, Stuxnet was designed to target SCADA systems in industrial environments to reportedly sabotage Iran's nuclear program.

Software Review 75

Software Review Windows Groups Network 75