Tenable Blog

Oracle’s third Critical Patch Update of 2020 contains a record-breaking 443 security patches addressing 284 CVEs, including critical vulnerabilities in Oracle Communications Applications and Oracle Fusion Middleware products.

Update July 20, 2020: A proof of concept script has become publicly available for CVE-2020-14645. The proof of concept section of our blog has been updated accordingly.

Researchers disclose a 17-year-old wormable flaw in Windows DNS servers. Organizations are strongly encouraged to apply patches as soon as possible.

Update July 17, 2020: The Proof of Concept and Solutions sections have been updated to reflect the availability of proof of concept scripts and the availability of an audit file for Tenable products.

Researchers disclosed a critical flaw in SAP NetWeaver Application Server that could allow an attacker to gain access to any SAP application. Organizations are strongly encouraged to apply patches as soon as possible.

Update July 16, 2020: A proof of concept script has become publicly available for CVE-2020-6286. The proof of concept section of our blog has been updated accordingly.

As cyberthreat actors increasingly target critical infrastructure, both the federal government and private sector have key roles to play in securing essential services. Here are some of the latest joint efforts advancing this mission.

For critical infrastructure organizations, the gains of automation and IoT technology have also meant heightened threats. These are the steps security directors can take to reduce cyber risk across their industrial operations.