Saturday, October 19, 2019
Tenable

[R1] Nessus 8.6.0 Fixes One Vulnerability

Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition.
Tenable

[R1] Nessus 8.5.0 Fixes One Vulnerability

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code...
Tenable

[R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line...
Tenable

[R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus 8.2.2 Fixes One Vulnerability

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script...
Tenable

[R1] Nessus 8.2.2 Fixes One Vulnerability

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script...
Tenable

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Tenable

[R1] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities

SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (Apache Xalan and Serializer) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
Tenable

[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to...
Tenable

[R1] LCE 5.1.1 Fixes Multiple Third-party Vulnerabilities

Log Correlation Engine leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive  The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.