Tenable Selected as Partner of Choice as BeyondTrust Exits Vulnerability Management Market

January 16, 2020

Tenable named as the preferred vulnerability management platform for BeyondTrust customers in exclusive partnership

MUMBAI, India – January 16, 2020 – Tenable®, Inc., the Cyber Exposure company, today announced it has entered into an exclusive partnership with BeyondTrust, a worldwide leader in Privileged Access Management (PAM), that names Tenable as the preferred vulnerability management partner for BeyondTrust Enterprise Vulnerability Management customers. BeyondTrust has made a decision to exit the Vulnerability Management market and has selected Tenable as its exclusive partner. Tenable was chosen for its market leadership in Vulnerability Management and Cyber Exposure to help organisations understand and manage their cyber risk.

Today’s announcement follows Tenable’s recognition as a Leader in “The Forrester Wave™: Vulnerability Risk Management, Q4 2019” report where Tenable is top-ranked among 13 vendors in both the Strategy and Current Offering categories. Tenable.io® was also named the number one platform in the market for vulnerability and security configuration coverage, according to an analysis and report by Principled Technologies. In addition, Tenable.io was recognised as the Best Vulnerability Management Solution at the 2019 SC Awards.

“The market has spoken again – and has selected Tenable as the market leader in vulnerability management. In addition to the recognition from Forrester, we are number one in coverage, number one in accuracy, number one in zero-day research and the only vulnerability management vendor to surpass 100 zero-day discoveries in a single year. We’re laser-focused on ongoing innovation – from delivering Tenable Lumin to the industry’s first unified risk-based view of IT and OT security – to transform how cybersecurity is managed and measured,” said Renaud Deraison, chief technology officer and co-founder, Tenable. “We are honored to be the vulnerability management platform of choice for BeyondTrust. BeyondTrust vulnerability management customers should be very confident that they will be in the best possible hands with Tenable to solve their vulnerability management challenges.”

“When we decided to exit the vulnerability management market, it was critical that BeyondTrust referred its customers to a trusted company with a proven track record of product innovation and customer loyalty,” said Dan DeRosa, Chief Product Officer, BeyondTrust. “Tenable was the logical choice, having earned the trust and respect of tens of thousands of organisations globally. We are confident in our decision and know that our customers will be very well taken care of.”

BeyondTrust will end-of-life its vulnerability management suite of solutions effective December 31, 2020. BeyondTrust customers can learn more about the Tenable platform by joining the webinar on Tuesday, January 28 at 2 PM ET or requesting a demo at www.tenable.com/beyondtrust.

# # #

About Tenable

Tenable®, Inc. is the Cyber Exposure Company. Over 27,000 organisations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com


CVE-2020-0601: NSA Reported Spoofing Vulnerability in Windows CryptoAPI

January 16, 2020

By Tenable Security Response Team – As part of the first Patch Tuesday of 2020, Microsoft has released patches for CVE-2020-0601. This is a critical flaw in the cryptographic library for Windows that impacts Windows 10 and Windows Server 2016/2019. The National Security Agency, who discovered and reported the flaw to Microsoft, strongly urges users to prioritise patching vulnerable systems.

Commenting on the Microsoft flaw, Renaud Deraison, Co-founder and CTO at Tenable, said, “CVE-2020-0601 hits at the very trust we have in today’s digital computing environments — trust to authenticate binaries and trust that our ciphered communications are properly protected. The flaw would enable an attacker, among other things, to exploit how Windows verifies cryptographic trust, enabling them to deliver executable code and making it look like it came from a trusted source. You can imagine its use in ransomware and phishing attacks on unpatched systems. This is a serious vulnerability and one that we fully expect to see exploited in the wild in the coming weeks and months. We will see continued attacks over the course of the year among organisations that do not patch their systems quickly.

“The NSA’s responsible disclosure of the vulnerability to Microsoft is a step in the right direction. We look forward to continued public-private sector coordination.”

Amit Yoran, Chairman and CEO, Tenable and Founding Director of the United States Computer Emergency Readiness Team (US-CERT) program in the U.S. Department of Homeland Security said, “For the U.S. government to share its discovery of a critical vulnerability with a vendor is exceptionally rare if not unprecedented. It underscores the criticality of the vulnerability and we urge all organisations to prioritise patching their systems quickly. The fact that Microsoft provided a fix in advance to US Government and other customers which provide critical infrastructure is also highly unusual. These are clearly noteworthy shifts from regular practices and make this vulnerability worth paying attention to and also worth asking questions about. How long ago was the vulnerability discovered? How long did it take from discovery to reporting? Was it used by the NSA? Has it been observed being used by foreign intelligence services already? What triggered the vendor disclosure? None of these questions change what organizations need to do at this point to protect themselves, but their answers might tell us a lot more about the environment we operate in.”

The detailed blog post which contains more details on the vulnerability and directions for creating a scan can be read here.


Zero-Day Vulnerability in Mozilla Firefox Exploited in Targeted Attacks

January 10, 2020

By Satnam Narang on January 8th, 2020 – On January 8, Mozilla Foundation released a security advisory to address a critical zero-day flaw in Mozilla Firefox, which has been exploited in targeted attacks.

Analysis

CVE-2019-17026 is a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey, Mozilla’s JavaScript engine. According to Mozilla’s advisory, the flaw exists in the JIT compiler due to “incorrect alias information for setting array elements,” specifically in StoreElementHole and FallibleStoreElement.

The vulnerability was reported to Mozilla by researchers at Qihoo 360 ATA. Mozilla’s advisory states they are “aware of targeted attacks in the wild abusing this flaw.” Based on this note in the advisory, it appears the vulnerability was exploited in the wild as a zero-day. Further information about the exploitation was not available at the time this blog post was published.

This advisory follows the release of Firefox 72 and Firefox Extended Support Release (ESR) 68.4 on January 7, which included the following security advisories:

Last year, Mozilla patched CVE-2019-11707, another type confusion flaw that was used in conjunction with CVE-2019-11708, a sandbox escape vulnerability in targeted attacks.

Proof of concept

At this time, no proof of concept is available for this vulnerability.

Solution

To address CVE-2019-17026, Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1. Because this vulnerability has been exploited in targeted attacks, Firefox users are advised to upgrade as soon as possible.

Identifying affected systems

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Get more information


Windows 7 support to end on January 14, 2020; Satnam Narang, Senior Research Engineer, comments on the importance of migration plans

January 10, 2020

Windows 7 and Windows Server 2008 reach end of life on 14 January, meaning patching and technical support via Microsoft’s support center will no longer be available for these products. Continuing to use either operating system after this date will put your system at risk of attack from new and unpatched vulnerabilities. Running your business on an outdated (and unsupported) system is a huge security risk.

 

Satnam Narang, Senior Research Engineer at Tenable said, “With Microsoft discontinuing support for Windows 7 and Windows Server 2008 on January 14, it is imperative that consumers and businesses take steps to ensure their systems are not vulnerable. In December 2019, Microsoft released fixes for CVE-2019-1458, an elevation of privilege vulnerability that was exploited in the wild. It affects both Windows 7 and Windows 2008 systems. Users of Windows 7 and Windows Server 2008 who opt not to migrate to newer versions are at risk of being preyed upon by bad actors, leaving them vulnerable to attacks especially since these systems won’t be supported by Microsoft. We strongly encourage consumers and businesses to take stock of what Windows 7 or Windows Server 2008 assets remain and make immediate plans for migration.”


Cisco Patches 12 Vulnerabilities in Data Center Network Manager

January 6, 2020

Includes 3 Critical Authentication Bypass Flaws: CVE-2019-15975, CVE-2019-15976, CVE-2019-15977

Background

On January 2, Cisco published a series of advisories for Cisco Data Center Network Manager (DCNM), a platform for managing Cisco’s data center deployments equipped with Cisco’s NX-OS. A total of 12 vulnerabilities were found and reported to Cisco, 11 of which were discovered by Steven Seeley of Source Incite.

Analysis

Of the 12 vulnerabilities patched by Cisco, the most severe include a trio of critical authentication bypass flaws, two of which reside in DCNM API endpoints.

CVE-2019-15975 and CVE-2019-15976 are authentication bypass vulnerabilities in the REST API and SOAP API endpoints for Cisco DCNM due to the existence of a static encryption key shared between installations. A remote, unauthenticated attacker could gain administrative privileges through either the REST API or SOAP API by sending a specially crafted request that includes a valid session token generated using the static encryption key.
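The static-key flaw class described above, as an added illustration that is not Cisco's code and does not reproduce DCNM's token format: a constructed HMAC-signed token stands in for the session token, and `TokenService`, `STATIC_KEY` and the claim names are hypothetical. It shows why a key shared between installations makes a token from one install verify on every other, and that a random per-install key removes that property.

```python
import base64, hashlib, hmac, json, secrets

# Constructed placeholder, not a real product key: identical bytes in every install.
STATIC_KEY = b"example-key-baked-into-the-image"

class TokenService:
    """Issues and verifies signed session tokens for one installation."""

    def __init__(self, key: bytes):
        self._key = key

    def issue(self, user: str, role: str) -> str:
        claims = json.dumps({"user": user, "role": role}).encode()
        body = base64.urlsafe_b64encode(claims).decode()
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"

    def verify(self, token: str):
        """Return the claims if the tag matches this install's key, else None."""
        body, sep, tag = token.partition(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison on bytes; a missing separator is rejected outright.
        if not sep or not hmac.compare_digest(expected.encode(), tag.encode()):
            return None
        try:
            return json.loads(base64.urlsafe_b64decode(body))
        except ValueError:
            return None

def cross_install_accepts(issuer: TokenService, verifier: TokenService) -> bool:
    """True if a token minted on one installation is accepted by another."""
    return verifier.verify(issuer.issue("admin", "network-admin")) is not None

def static_key_installs():
    # Weak design: two separate installations ship with the same key.
    return TokenService(STATIC_KEY), TokenService(STATIC_KEY)

def per_install_key_installs():
    # Hardened design: each installation generates its own random key at setup.
    return TokenService(secrets.token_bytes(32)), TokenService(secrets.token_bytes(32))

if __name__ == "__main__":
    print("static key, foreign token accepted:",
          cross_install_accepts(*static_key_installs()))
    print("per-install key, foreign token accepted:",
          cross_install_accepts(*per_install_key_installs()))
```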

CVE-2019-15977 is an authentication bypass vulnerability in the web-based management interface for Cisco DCNM because of the use of static credentials. A remote, unauthenticated attacker could use these static credentials to extract sensitive information from the vulnerable device, enabling them to perform additional attacks.

Utilizing these authentication bypass vulnerabilities, attackers could leverage the remaining flaws patched by Cisco, which include command injection vulnerabilities (CVE-2019-15978, CVE-2019-15979), SQL injection vulnerabilities (CVE-2019-15984, CVE-2019-15985), path traversal vulnerabilities (CVE-2019-15980, CVE-2019-15981, CVE-2019-15982) and an XML external entity vulnerability (CVE-2019-15983).

Seeley’s discovery of these vulnerabilities in Cisco DCNM was inspired by four flaws reported back in June 2019 by security researcher Pedro Ribeiro, including CVE-2019-1619, an authentication bypass flaw in the DCNM’s web-based management interface.

Additionally, Cisco patched CVE-2019-15999, a vulnerability in the DCNM’s JBoss Enterprise Application Platform (EAP) reported by Harrison Neal of PatchAdvisor. This flaw exists because the authentication settings on the EAP were incorrectly configured.

Proof of concept

At the time this blog post was published, no proof-of-concept code has been released for any of the reported vulnerabilities.

Solution

Cisco released updates to correct each of the specified vulnerabilities. Affected versions of Cisco DCNM software include releases earlier than 11.3(1). We recommend reviewing the linked advisories under the “Get more information” section below.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released.

Get more information

