Friday, June 5, 2020
Tenable

[R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability

Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with...
Tenable

[R1] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (SimpleSAMLPHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
Tenable

[R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities

Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with...
Tenable

[R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities

Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL, jQuery and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with...
Tenable

[R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
Tenable

[R1] Nessus 8.7.0 Fixes One Vulnerability

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become...
Tenable

[R1] Nessus 8.6.0 Fixes One Vulnerability

Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition.
Tenable

[R1] Nessus 8.5.0 Fixes One Vulnerability

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.
The Register

Kind of goes without saying, but fix your admin passwords or risk getting borged by this brute-forcing botnet

Publishing platforms, hosts being targeted by Stealthworker malware. Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…