Tenable Blog

How the CDM DEFEND plan for adding and securing mobile devices will help government agencies improve visibility and security.

“Going Mobile” was a hit song for the British rock band “The Who” in the early 1970s. Celebrating a transient lifestyle, the song captured the public’s imagination because, at the time, society was generally immobile; people were tied to single towns, jobs, and friends and family who rarely ventured far from home.

Recent attacks targeting Drupal instances vulnerable to Drupalgeddon 2 and Drupalgeddon 3 highlight the importance of identifying and patching vulnerable sites.

The ‘AMP for WP – Accelerated Mobile Pages’ plugin for WordPress is vulnerable to a privilege escalation attack. Updating the plugin to version ‘0.9.97.20’ fixes the flaw.

Updated November 19: The original posting of this blog credited WebARX security with the discovery of the vulnerability. This was incorrect as this initial discovery was made by plugin developer Sybre Waaijer. The text below has been corrected, and the reference links now include the wpvulndb page.

Researchers have reported an incomplete fix for CVE-2018-4993, an NTLM credential leaking vulnerability that was supposed to be patched in May 2018. Adobe has now released a complete fix.

VMware issued an advisory about two uninitialized stack memory usage bugs and has released patches and updates for some versions of the affected software.

Background

On November 9, VMware published a security advisory to address a Guest-to-Host Escape vulnerability affecting VMware ESXi, Workstation and Fusion. The vulnerability was discovered and released by a security researcher at GeekPwn 2018, an annual security conference in Shanghai, China which took place in late October 2018. The researcher reported the vulnerability to VMware through GeekPwn.