Tenable Blog

Observing these best practices for credentialed scanning will help you paint the clearest picture of your network's potential vulnerabilities.

Vulnerability scanning represents one of the most important tools for a modern organization to include in its information security arsenal. But as is true of many cybersecurity practices, it has its variations, chief among them being credentialed and non-credentialed scanning.

Independent business risk study shows cybersecurity is seldom fully integrated into business strategy – and it needs to be.

Apache published two security bulletins to address a potential remote code execution vulnerability and a denial of service vulnerability. Public proof of concept code is available.

Background

On August 13, Apache published security bulletins to address two vulnerabilities in Apache Struts version 2. Apache Struts is an open source model-view-controller (MVC) framework used to create Java web applications.

Researcher identifies a zero-day vulnerability that bypasses a fix for CVE-2019-16759, a previously disclosed remote code execution vulnerability in vBulletin. Attacks have already been observed in the wild.

Update August 17, 2020: The Title, Analysis and Identifying Affected Systems sections were updated to include reference to the assigned CVE identifier, CVE-2020-17496.

A partnership between Tenable and JSOF continues to uncover additional devices vulnerable to Ripple20.

Update September 9, 2020: The Affected Vendors section has been updated based on feedback from vendors.