Tenable Blog

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC).

Update: September 21, 2020: The ‘Identifying Affected Systems’ section has been updated to include instructions for our new unauthenticated check for Zerologon.

Update: October 02, 2020: The ‘Identifying Affected Systems’ section has been updated to highlight the release of the Zerologon scan template for Nessus and Tenable.io.

To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource Sharing

Today’s modern web applications rely heavily on JavaScript to be dynamic, and ensure the best experience for end-users. Providing content and data to the users often requires interactions with other web applications, which include cross-domain requests and an additional configuration step on the application side known as a Cross-Origin Resource Sharing (CORS) policy.

For the fourth month in a row, Microsoft patches over 120 CVEs, addressing 129 CVEs in its September release.

Update September 10, 2020: Updated the section for CVE-2020-16875 to account for a revision made by Microsoft to the description for this vulnerability.

Attackers have begun to target a vulnerability in a popular WordPress plugin with over 700,000 active installations, attempting to inject malicious code.

Update September 10, 2020: Updated the Title and Analysis sections of the blog to include the CVE identifier for this vulnerability, which was published to NVD on September 9.

Cisco warns of two zero-day denial-of-service vulnerabilities in its IOS XR Software actively exploited in the wild.

Update September 29, 2020: The Solutions section has been updated with details regarding patches that were released by Cisco.