Tuesday, March 19, 2019
Tenable

[R1] Nessus 8.2.2 Fixes One Vulnerability

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script...
Tenable

[R1] Nessus 8.2.2 Fixes One Vulnerability

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script...
Tenable

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Tenable

[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities

Log Correlation Engine leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
Tenable

[R1] SecurityCenter 5.7.1 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice,...
Tenable

[R2] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Tenable

[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities

The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client (dhclient) package.A malicious DHCP server, or an attacker on the local network able to spoof...
Tenable

[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. Some of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.