Tenable Blog

Cisco released a high-severity patch update for CVE-2018-0296 on June 22 which affects the Adaptive Security Appliance (ASA). There’s no time to waste in deploying this patch, as the company’s advisory notes it is currently being exploited in the wild.

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highlight. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the total experience and knowledge of Tenable Research to identify the vulnerability of the month.

Increasingly, operational technology (OT) environments are interconnecting with IT and adopting exploitable IT-based assets and protocols. This means OT systems are exposed to IT threats. Additionally, IT/OT convergence is expanding the cyberattack surface. Threat actors who have compromised IT networks may be able to access OT systems from the IT network. These converged environments contain a mix of IT and OT devices and systems, some of which can be easily disrupted with traditional IT active scanning techniques.

Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the network. The vulnerability allows external access to the Cisco ACS web interface, thereby allowing attackers to possibly gain unrestricted access to the internal network.

On June 11, we’re rolling out a subscription auto-renewal program for customers who purchased through our eCommerce site after July 10, 2017.

We created the auto-renewal program with one goal in mind: to make doing business with us easier. Most of our customers renew their licenses each year, and we have heard from many of you that a manual renewal process is less than ideal. With auto-renewal, you no longer need to worry about when your product‘s subscription expires or take steps to keep your product active. We’re making this process transparent for you.