Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
March 30, 2022A list of frequently asked questions related to Spring4Shell (CVE-2022-22965).
CVE-2022-22948: VMware vCenter Server Sensitive Information Disclosure Vulnerability
March 30, 2022Researchers disclose a moderate severity vulnerability in VMware vCenter Server that can be used in an exploit chain with other vCenter Server flaws to take over servers.
Cr8escape: How Tenable Can Help (CVE-2022-0811)
March 29, 2022CrowdStrike discloses container escape vulnerability affecting CRI-O for Kubernetes. Here’s how Tenable.cs can help you detect vulnerable pods. Background On March 15, CrowdStrike published tech...
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
March 24, 2022Private messages between Conti members uncover invaluable information about how the infamous ransomware group hijacks victims’ systems. Leaked internal chats between Conti ransomware group members ...
Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)
March 8, 2022<p>Microsoft addresses 71 CVEs in its March 2022 Patch Tuesday release, including three vulnerabilities that were publicly disclosed as zero-days.</p>
Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine
February 24, 2022Government agencies publish warnings and guidance for organizations to defend themselves against advanced persistent threat groups. As governments around the world call for heightened cyber vigil...
CVE-2022-22536: SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities
February 9, 2022SAP and Onapsis Research Labs collaborate to disclose three critical vulnerabilities impacting SAP NetWeaver Application Servers. The most severe of the three could lead to full system takeover. Ba...
Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
February 8, 2022Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild.
CVE-2022-20699, CVE-2022-20700, CVE-2022-20708: Critical Flaws in Cisco Small Business RV Series Routers
February 3, 2022Cisco patches 15 flaws in Cisco Small Business RV Series Routers, including three with critical 10.0 CVSSv3 scores. Update February 4: Cisco has updated their advisory to announce partial patch...
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
January 19, 2022Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for Januar...
CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop Central
January 18, 2022ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background On January 17, ZoHo issued an advisory and patche...
Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)
January 11, 2022Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important...