Satnam Narang

Blog Post

CVE-2019-10149: Critical Remote Command Execution Vulnerability Discovered In Exim

Thursday, June 6, 2019

Researchers discover critical remote command execution vulnerability in older versions of Exim. Over 4.1 million systems are potentially vulnerable to local exploitation and remote exploitation is possible in non-default configurations...

Blog Post

SandboxEscaper: Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed

Thursday, May 23, 2019

Five vulnerabilities, including four zero-day vulnerabilities, have been disclosed in Windows Task Scheduler, Windows Error Reporting, Internet Explorer 11, Microsoft Edge and Windows Installer, which could be used by attackers...

Blog Post

Microarchitectural Data Sampling: Speculative Execution Side-Channel Vulnerabilities Found in Intel CPUs

Wednesday, May 15, 2019

Researchers disclose speculative execution side-channel attacks named ZombieLoad, RIDL and Fallout in Intel Central Processing Units (CPUs). Background On May 14, public disclosures from multiple research groups regarding a new...

Blog Post

Thrangrycat: Vulnerabilities in Cisco Secure Boot and Cisco IOS XE (CVE-2019-1649, CVE-2019-1862)

Tuesday, May 14, 2019

Researchers identify vulnerabilities in Cisco Secure Boot process and Cisco IOS XE devices that could reportedly be chained together for significant impact. Background On May 13, Cisco published two security...

Blog Post

CVE-2019-3396: Vulnerability in Atlassian Confluence Widget Connector Exploited in the Wild

Tuesday, April 30, 2019

Attackers are targeting vulnerable Confluence instances after company published a fix for the vulnerability back in March 2019. Background On March 20, Atlassian published a Confluence Security Advisory to announce...

Blog Post

Sea Turtle DNS Hijacking Campaign Utilizes At Least Seven Patched Vulnerabilities

Friday, April 19, 2019

The Sea Turtle campaign exploits seven patchable vulnerabilities dating from 2009 to 2018 to breach organizations and hijack their DNS name records. Background On April 17, researchers at Cisco’s Talos...

Blog Post

Oracle Critical Patch Update For April Contains 297 Fixes

Wednesday, April 17, 2019

Oracle fixes nearly 300 vulnerabilities in second Critical Patch Update for 2019, including bugs in WebLogic, Java SE and several product components. Background On April 16, Oracle released its Critical...

Blog Post

Critical OS Command Injection Vulnerability in Citrix SD-WAN Center Discovered

Thursday, April 11, 2019

Tenable Research has discovered a critical vulnerability in Citrix SD-WAN Center that could lead to remote code execution. Background On April 10, Citrix released a security bulletin for CVE-2019-10883, an...

Blog Post

Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory

Wednesday, April 10, 2019

Siemens Security Advisory Day (SAD) for April 2019 addresses a variety of vulnerabilities, including a critical vulnerability in Siemens Spectrum Power. Background On April 9, Siemens published its monthly Siemens...

Blog Post

CVE-2019-0211: Proof of Concept for Apache Root Privilege Escalation Vulnerability Published

Monday, April 8, 2019

Researcher publishes proof of concept (PoC) for local root privilege escalation bug patched by Apache last week. Background Last week, Apache published a security update to address six vulnerabilities in...

Accurately identify, investigate and prioritize vulnerabilities. Managed in the Cloud.

Accurately identify, investigate and prioritize vulnerabilities. Managed On-Prem.

The #1 vulnerability assessment solution.

Security integrated into DevOps. Protect containers in development and operations.

Streamline verification of adherence with PCI Data Security Standard.

Automated web application scanning. For modern and traditional web frameworks.

Accurately identify, investigate and prioritize vulnerabilities. For critical infrastructure and operational technology.

Satnam Narang

Blog Post

Blog Post

Blog Post

Blog Post

Blog Post

Blog Post

Blog Post

Blog Post

Blog Post

Blog Post

Pages

Try Tenable.io

Buy Tenable.io

Thank You

Try Nessus Professional Free

Buy Nessus Professional

Try Tenable.io Web Application Scanning

Buy Tenable.io Web Application Scanning

Thank You

Try Tenable.io Container Security

Buy Tenable.io Container Security

Thank You

Learn More about Industrial Security

Get a Demo of Tenable.sc