ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
Private messages between Conti members uncover invaluable information about how the infamous ransomware group hijacks victims’ systems. Leaked internal chats between Conti ransomware group members offer a unique glimpse into its inner workings and provide valuable insights, including details on o...
Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)
<p>Microsoft addresses 71 CVEs in its March 2022 Patch Tuesday release, including three vulnerabilities that were publicly disclosed as zero-days.</p>...
Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine
Government agencies publish warnings and guidance for organizations to defend themselves against advanced persistent threat groups. As governments around the world call for heightened cyber vigilance, the reality of our digital world comes into stark relief: there are no boundaries when it come...
CVE-2022-22536: SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities
SAP and Onapsis Research Labs collaborate to disclose three critical vulnerabilities impacting SAP NetWeaver Application Servers. The most severe of the three could lead to full system takeover. Background On February 8, SAP disclosed several vulnerabilities in the Internet Communication Manag...
Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild....
CVE-2022-20699, CVE-2022-20700, CVE-2022-20708: Critical Flaws in Cisco Small Business RV Series Routers
Cisco patches 15 flaws in Cisco Small Business RV Series Routers, including three with critical 10.0 CVSSv3 scores. Update February 4: Cisco has updated their advisory to announce partial patches for the RV160 and RV260 Series Routers. The Solution section has been updated with this informati...
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497 security...
CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop Central
ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background On January 17, ZoHo issued an advisory and patches for CVE-2021-44757, a critical authentication bypass in its ManageEngine Desktop Central and Manag...
Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)
Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important 0Moderate 0Low Update January 13: The Solutions section has been updated to reflect th...
CVE-2021-44228, CVE-2021-45046, CVE-2021-4104: Frequently Asked Questions About Log4Shell and Associated Vulnerabilities
A list of frequently asked questions related to Log4Shell and associated vulnerabilities....
Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild....
Apache Log4j Flaw: A Fukushima Moment for the Cybersecurity Industry
Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come....
