Audit IBM BigFix using Tenable.io
With the adoption of more cloud, mobile, IoT, and SaaS solutions, organizations need an effective way to understand, manage and reduce their cyber risk. Many organizations rely on patch management...
What a Pragmatic CISO Can Learn from the Gartner Information Security...
While we see Gartner’s 2017 information security spending forecast setting the industry abuzz with prospects of seemingly unstoppable growth – reaching $86.4 billion this year and topping the magical...
Understanding Exploitability
Vulnerability exploits have been in headlines around the world in recent months for being a leading source of cyber risk. As a result, your organization’s leadership may have...
Patching Makes Perfect
Malware and ransomware are a big topic these days, especially with the recent releases of WannaCry and Petya variants. Typically, when I read about new malware my first thought is, “How can I stop the...
Hardcoded Credentials Expose Customers of AT&T U-Verse
On August 31, 2017, Nomotion released five vulnerabilities for two Arris modems used by AT&T U-Verse customers in the US. The vulnerabilities are of the following types: Hardcoded Credentials...
Apache Struts REST Plugin XStream XML Request Deserialization RCE (CVE...
A new critical vulnerability (S2-052) in the Apache Struts framework (CVE-2017-9805) could allow an unauthenticated attacker to run arbitrary commands on a server using the Struts framework with the...
Protecting Your Bluetooth Devices from BlueBorne
A new attack vector, codenamed BlueBorne, can potentially affect all devices with Bluetooth capabilities – ordinary computers, mobile phones, and IoT devices – literally billions of devices in the...
Is DevOps the Best Thing to Ever Happen to Security?
Many of us have heard this story before, and it goes something like this: Developers are focused on one thing and one thing only - speed. They expunge anything that gets in their way or slows them...
Piriform CCleaner Remote Backdoor
CCleaner, a popular application used for performing routine maintenance on systems, was recently found to contain a malicious backdoor. This could allow a remote attacker to extract sensitive data from...
Maintain Your &%$#* Systems! A Mantra for IT Professionals in the Wake of...
Once again, we have a basic failure in cyber hygiene causing a massive data breach. This one affects potentially half of the U.S. population and compromises particularly sensitive personal information...
A Call for Congress to Prioritize Modernizing Government Technology
While we’ve already seen Congress engage in fierce debates over fiscal year 2018 funding, it’s important to remember that there are bipartisan issues on the table. Upgrading and modernizing government...
Personalizing Your Tenable.io Scans
Tenable.io™ Scan and Policy Templates allow you to set up scans with minimal configuration. There are templates for many tasks, such as Host Discovery, detecting the latest headline-grabbing malware,...
Auditing Databases with Nessus
As a companion to another post on hardening network devices and creating baseline configurations, I wanted to look at another area where standardizing configurations can pay off in a big way. While...
New in SecurityCenter 5.5.2
Multi-LDAP support now available. We are pleased to announce the release of SecurityCenter® 5.5.2, which will deliver a number of exciting new capabilities. Here are some highlights: Support for Multiple...
Responding to KRACK: What You Need To Know
A new weakness in the WPA2 protocol could allow an attacker to read information that was previously assumed to be encrypted, provided the attacker is within the range of the victim. The weakness was...
Capture the Flag with Mr. Robot
The hacker-favorite TV show, Mr. Robot, is back on with a great season three opener that features a Capture-the-Flag contest. As the show begins, Elliot decides he needs to stop stage 2 from taking...
Securing Your Industrial Control Systems Today
The United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have detected a coordinated effort by malicious actors to compromise the country’s critical...
Detecting Bad Rabbit Ransomware
A new ransomware dubbed Bad Rabbit has hit several targets and began spreading across Russia and Eastern Europe on Tuesday, October 24, 2017. The ransomware exploits the same vulnerabilities exploited...
A Diverse Cyber Workforce is Critical in the Next Era in Technology & Business
We are at a critical inflection point in technology and business today. On one hand, we are on the cusp of realizing the transformative impact of innovations like IoT and Artificial Intelligence. And...
Reaper IoT Botnet
The new modern attack surface encompasses many emerging technologies such as the Internet of Things (IoT). As IoT becomes more integrated into the business communications path and the security boundary...