Tenable Research Advisory: Multiple HPE iMC Vulnerabilities Could Lead to Remote Code Execution or Denial of Service
October 11, 2018
Tenable Research discovered multiple vulnerabilities in the HPE Intelligent Management Center. HPE is currently working to fix the issues and plans to release patches on Nov. 30. What you need to kno...
MikroTik RouterOS Vulnerabilities: There’s More to CVE-2018-14847
October 10, 2018
In the course of preparing his Derbycon 8.0 presentation on RouterOS vulnerabilities, Tenable Researcher Jacob Baines discovered more to CVE-2018-14847 than originally known. Here’s how it could allow...
Tenable Research Advisory: Multiple Vulnerabilities Discovered in MikroTik's RouterOS
October 7, 2018
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system acce...
Tenable Research Advisory: Popular TP-Link Router is Vulnerable to Remote Exploitation
October 2, 2018
Tenable Research has discovered multiple vulnerabilities in the TP-Link TL-WRN841N, a popular consumer router, one of which could be used by an attacker to remotely take over the device. What do yo...
Tenable Research Advisory: Rockwell Automation RSLinx Classic Lite RCE and DoS Vulnerability Discovered by Tenable
September 26, 2018
Tenable Research has discovered multiple memory corruption issues in Rockwell Automation RSLinx Classic Lite 4.00.01 that may allow for remote code execution or denial of service. Customers are encour...
Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder
September 17, 2018
Tenable Research has discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to rem...
Peekaboo: Don’t Be Surprised by These Not So Candid Cameras
September 17, 2018
Tenable Research discovered a major software flaw, dubbed Peekaboo, which gives cyber criminals control of certain video surveillance cameras, allowing them to secretly monitor, tamper with and even d...
Tenable Research Advisory: Advantech WebAccess Remote Command Execution Still Exploitable
September 10, 2018
Tenable Researcher Chris Lyne discovered that Advantech WebAccess versions 8.3, 8.3.1 and 8.3.2 are still vulnerable to remote command execution CVE-2017-16720, which was originally disclosed by ZDI i...
August Vulnerability of the Month: Critical Vulnerability in Oracle WebLogic Targeted by Attackers
August 30, 2018
In August, Tenable Research voted to highlight CVE-2018-2893 in Oracle WebLogic Server because it was almost immediately exploited by multiple threat actors. Novelty, sophistication or just plain wei...
Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices
August 9, 2018
Amazon Web Services (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Here are five solutions you can use to evaluate the security of data stored in ...
How Mature Are Your Cyber Defender Strategies?
August 8, 2018
Our latest research examines real-world vulnerability assessment practices at 2,100 organizations to understand how defenders are approaching this crucial step in cyber hygiene. For our latest resear...
July Vulnerability of the Month: Two Zero-Days Caught in Development
July 31, 2018
An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story. Novelty, sophistication or just plain weirdness are some of the po...