Channel: Tenable Blog
Browsing all 1935 articles

Mr. Robot Cleaning House at E-Corp

The second episode of Mr. Robot finds Elliot starting his new job at E-Corp. As he joins his new team and is looking to find a way to delay the shipment of all the paper data to New York facility,...

Configuring Least Privilege SSH scans with Nessus

Credentialed scans have long been advocated as the quickest and most accurate way to perform a vulnerability assessment against any network. But like with all things technology, it runs into two usual...

The Equifax Breach – A Cyber WTF Moment

Now that some time has passed since the news broke on the Equifax breach, we’ve had some time to ascertain the facts, digest what happened and draw some conclusions.  It’s taken some time as for the...

The Year of the Modern Attack Surface

If there’s one thing 2017 has taught us so far, it’s that the attack surface has changed. Cloud, containers, custom web apps, IoT, and OT are all part of the milieu that’s forcing security teams to up...

Hiding Behind the APT Helplessness Defense...Really?

Former Equifax CEO Richard Smith’s Congressional Testimony was a real WTF moment for many of us who work in the cyber field. Last week, former Yahoo CEO Marissa Mayer testified about Yahoo’s 2013 and...

Identifying Empire HTTP Listeners

Empire is a popular open source post-exploitation framework. The framework can very roughly be broken down into two parts: agents and listeners. An agent is an implant that lives on the victim’s...

The Bad, the Ugly and the Cyber Immoral - Thank you, Uber

Technology, business and morality are not mutually exclusive, but rather fundamentally intertwined into the fabric of how our society operates and will have to increasingly operate in the future. As...

Tenable Delivers Industrial Security

Cyber-Physical Security is a Growing Problem. Organizations are continuously leveraging new data and information capabilities to accelerate their business processes and deliver greater value to...

Detecting macOS High Sierra root account vulnerability (CVE-2017-13872)

On November 28, 2017 a software developer (Lemi Orhan Ergin) reported a critical flaw in macOS High Sierra which allows any local user to log in as root without a password after multiple attempts. The...

Detecting macOS High Sierra root account without authentication

Yesterday, Tenable™ released two plugins to detect macOS High Sierra installs which allow a local user to log in as root without a password after several login attempts. Both plugins require...

From Off-the-Rack to Custom Tailored?

A Government Perspective on the Changing CDM Landscape. As the Continuous Diagnostics & Mitigation Program (CDM) begins its next phase of task orders, it is useful to look back at the earlier stages...

Announcing Nessus Professional v7

New capabilities give security practitioners, consultants and pen-testers greater flexibility. We’re pleased to announce Nessus Professional v7. More than 20,000 organizations today use Nessus...

A Clarification about Nessus Professional

To our valued Nessus community, We recently launched a new Tenable Community platform to provide better customer interaction, between customers and with us at Tenable. The new platform combines both the...

New Study: Many Consumers Lack Understanding of Basic Cyber Hygiene

Data breaches have been a headache for many years and for a long time there seemed to be a general apathy about them. Our sense was that things may have changed in the wake of the most severe breach...

Congress Achieves Real IT Modernization Progress

We’ve talked about the need for Congress to prioritize upgrading and modernizing government IT systems for a while now, so we were glad to see the Senate recently pass the 2017 National Defense...

Auditing Kubernetes for Secure Configurations

Over the last few years, container technology has gained traction in enterprise environments. And, as a result, use of containerized applications has exploded in the enterprise. Naturally, as its...

Triton: What You Need to Know

Correction: An earlier version of this post identified the protocol used as the TSAA protocol. This malware uses the TriStation protocol, which is proprietary and undocumented. Thanks to Jimmy Wylie...

The First Major Security Logos of 2018: Spectre and Meltdown Vulnerabilities

A major flaw in the way modern CPUs access cache memory could allow one program to access data from another program. The latest security vulnerability affects a majority of systems, if not all, used...

Tracking Scan Authentication Failures

IT systems change all the time. New applications are added, configurations are changed, permissions get revised – the list goes on and on. In some cases, the changes end up restricting access to the...

Intel AMT Back in the News

The release of new research from F-Secure spells more trouble for Intel’s Active Management Technology (AMT). AMT is used for remote access monitoring and maintenance in corporate environments....
