Tuesday, March 2, 2021
Tenable

[R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus AMI 8.13.1 Fixes One Vulnerability

Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate, which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
Tenable

[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice,...
Tenable

[R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus Agent 8.2.2 Fixes Multiple Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted...
Tenable

[R1] Nessus 8.13.0 Fixes One Third-party Vulnerability

Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
Tenable

[R1] Nessus Network Monitor 5.12.1 Fixes One Vulnerability

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The...
Tenable

[R1] Nessus 8.12.1 Fixes One Vulnerability

A vulnerability in Nessus 8.12.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file...
Tenable

[R1] Nessus Agent 8.2.0 Fixes One Vulnerability

A vulnerability in Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker...
Tenable

[R1] Nessus 8.11.1 Fixes One Vulnerability

Nessus versions 8.11.0 and earlier were found to be maintaining sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session.
Tenable

[R1] Nessus 8.11.0 Fixes One Vulnerability

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable...
Tenable

[R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with...
Tenable

[R1] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...

Quarter of Healthcare Apps Contain High Severity Bugs

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode. The security vendor broke out sector-specific...

Microsoft's Dream of Decentralized IDs Enters the Real World

The company will launch a public preview of its identification platform this spring—and has already tested it at the UK's National Health Service.

Kaspersky to Co-Chair Working Group of the Paris Call

Kaspersky has announced it is partnering with Cigref to co-chair the Working Group 6 (WGF) as part of the Paris Call for Trust and Security in Cyberspace initiative. The group...
IBM Security

‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving

The phrase ‘future-proof’ is seductive. We want to believe technology prepares us for the future. But with threat actors and developers in an arms race to breach and protect, cybersecurity risk — and cybersecurity risk management — are always...

Search crimes – how the Gootkit gang poisons Google searches

When a search result looks too good to be true - it IS too good to be true!