Clik here to view.
DOUBLEPULSAR Backdoor Detection with Nessus and PVS
Last week many of us in the industry were busy investigating a large cache of weaponized software exploits and payloads released by the ShadowBrokers group. One particular payload that received much...
View ArticleClik here to view.
Canada’s Information Technology Security Guidance Publication 33 (ITSG-33)
Safeguarding a network in today’s dynamic threat environment is a formidable task. Mobile devices and an increasing dependence on the internet make the job of maintaining control of network systems and...
View ArticleClik here to view.
Vulnerability Management has Changed Dramatically: Forrester Report
Vendor Landscape: Vulnerability Management, 2017According to Forrester1, software vulnerabilities are the leading method of external intrusion in a breach. This problem will continue to grow, as the...
View ArticleClik here to view.
Money, Hackers and Spies: Quick Bytes from Verizon's 2017 DBIR Report
Before diving into some initial findings of this year’s Verizon Data Breach Investigations Report (DBIR), here are a few things to remember. First, the report is a subset of all incident and breach...
View ArticleClik here to view.
How To Run an External Asset Scan with Tenable.io in Just Four Lines of Python
The new Python SDK for Tenable.io™ was designed to easily enable powerful integrations with the Tenable.io API. The aim of this blog is to demonstrate how to get the SDK up and running, launch an...
View ArticleClik here to view.
Intel AMT Vulnerability Detection with Nessus and PVS (INTEL-SA-00075)
Intel recently announced an escalation of privilege vulnerability in the Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware,...
View ArticleClik here to view.
Rediscovering the Intel AMT Vulnerability
No PoC, No Patch, No Problem!On May 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), but details of that vulnerability were not made public. However, Tenable researchers were able to...
View ArticleClik here to view.
Master Your Security Foundation: Know Your Software
Inventorying and managing the software on your network is foundational to your security. Unmanaged and unauthorized software is a blind spot that increases risk and IT support costs. What you don’t...
View ArticleClik here to view.
Back to Basics with the 2017 Verizon DBIR
Those who don’t know (cyber) history are destined to repeat itFor anyone who has followed the the Verizon Data Breach Investigations Report (DBIR) through its many iterations, the findings for 2017...
View ArticleClik here to view.
WannaCry? Three Actions You Can Take Right Now to Prevent Ransomware
By now everyone has heard about the ransomware called Wanna, WannaCry or WCry spreading across the globe and locking down the data of some of the world’s largest companies. The malware appears to...
View ArticleClik here to view.
Credentialed Scan Failures Report
Tenable.io Vulnerability ManagementI am often asked, “How can I be more productive and get better results from my vulnerability scans?” This question could be the result of a failed audit, network...
View ArticleClik here to view.
WannaCry? Patch or Protect
WannaCry and the vulnerability it targeted has dominated the global news all week, including technical details, prevention advice, attribution speculation and even personal details of the researcher...
View ArticleClik here to view.
Improving India's Digital Economy with the RBI Security Framework
In 2016, due to the increasing use of information technology by banks and their customers, and the increase in cyber attacks against the financial sector, the Reserve Bank of India (RBI) provided...
View ArticleClik here to view.
Patch or Risk Being Breached: Tenable.io and the Verizon 2017 DBIR
According to the 2017 Verizon Data Breach Investigations Report (DBIR), time to patch plays a critical role in the risk exposure to your network. The DBIR states (page 13) “research has shown that...
View ArticleClik here to view.
WannaCry 2.0: Detect and Patch EternalRocks Vulnerabilities Now
A new network worm dubbed EternalRocks is making the news this week as the successor to the WannaCry ransomware. EternalRocks leverages some of the same vulnerabilities and exploit tools as WannaCry...
View ArticleClik here to view.
NIST SP 800-171: The Compliance Window is Closing Fast
Does your company do business with the Department of Defense? Do you want that business to continue after 2017? If you answered yes to both of these questions, you need to know about Defense Federal...
View ArticleClik here to view.
Detecting SambaCry CVE-2017-7494
We’ve seen several critical vulnerabilities lately. First there was WannaCry, and then WannaCry 2.0 (EternalRocks), and now do we have WannaCry 3.0? Well, not really. But a new seven-year-old remote...
View ArticleClik here to view.
Blocking and Tackling Unauthorized Access: Tenable.io and the 2017 Verizon DBIR
According to the 2017 Verizon Data Breach Investigations Report (DBIR), privilege misuse accounts for approximately 15% of breaches and 18% of incidents among the organizations surveyed (page 38)....
View ArticleClik here to view.
How Vulnerable Are We?
Tenable.io Vulnerability Management ReportsCISOs often ask “How vulnerable are we?” when presented with vulnerability metrics and reports. As the head of a security team, are you prepared to answer...
View ArticleClik here to view.
Web Applications Under Attack: Tenable.io and the 2017 Verizon DBIR
According to the 2017 Verizon Data Breach Investigations Report (DBIR), web applications are under attack even more so than last year (page 57), especially in the financial sector. Primary targets are...
View Article