Clik here to view.
CDM: Making US Federal Agencies More AWARE of Cyber Exposure
At a recent Tenable sponsored MeriTalk event, Kevin Cox, program manager for Continuous Diagnostics and Mitigation (CDM), provided a preview of coming attractions regarding the CDM federal dashboard....
View ArticleClik here to view.
Intro to the Tenable.io API
Leveraging Tenable.io featuresTenable.io is the world’s first Cyber Exposure platform, giving you complete visibility into your network and helping you to manage and measure your modern attack surface....
View ArticleClik here to view.
Three Reasons Why DevOps Is a Game-Changer for Security
A lot has been written about how the DevOps revolution is making life much more challenging for cybersecurity. A big reason why: Security teams are largely missing from DevOps sprints and scrums today....
View ArticleClik here to view.
An Infrastructure Plan in the 21st Century Needs to Address Cybersecurity
U.S. President Trump is expected to discuss his long-awaited infrastructure plan in tonight’s State of the Union address, but we should not expect full details for a few more weeks. The focus on...
View ArticleClik here to view.
Ploutus-D ATM Malware Reported in U.S.
Ploutus-D is malware used for ATM jackpotting. It was discovered in Mexico in 2013, and is now getting reported as reaching the U.S. by Krebs on Security. This attack has been analysed by FireEye in...
View ArticleClik here to view.
Introducing Tenable.io On-Prem
New deployment option allows you to keep data on-premBy now, the benefits of cloud computing are well-understood. Organizations look to the cloud for on-demand scalability, simplified deployment and...
View ArticleClik here to view.
Identifying Systems Affected by Cisco ASA Critical Vulnerability (CVE-2018-0101)
On January 29, Cisco released an advisory for a critical vulnerability in their Adaptive Security Appliance (ASA) software. The critical flaw, assigned CVE-2018-0101, has a CVSS score of 10.0 and could...
View ArticleClik here to view.
Data Breach Reporting Laws Hit Australia with Serious Implications for...
Mandatory Data Breach Notification Laws will kick in on 22 February, but businesses remain unprepared. How is yours tracking?February 22 marks the date Australia finally rolls out its long-awaited data...
View ArticleClik here to view.
Tips on Using the Tenable Python SDK: How to Run Internal Scans, Scan Imports...
The Tenable Python SDK was built to provide Tenable.io™ users with the ability to leverage the Tenable.io API by building their own scripts, programs and modules that can seamlessly interact with their...
View ArticleClik here to view.
Find Plugins Faster: Introducing a More Powerful Plugins Search
Plugins are at the core of Tenable products. Over 100,000 of these simple programs check for specific flaws to detect vulnerabilities. We’ve previously detailed what plugins are, how they work and even...
View ArticleClik here to view.
Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know
On February 10, the Unix-based email server Exim released an update to address a heap buffer overflow vulnerability that can be used by an unauthenticated attacker to remotely execute arbitrary code....
View ArticleClik here to view.
Zero Exposure Team Advisory: Micro Focus Operations Orchestration, Remote...
Tenable Research's Zero Exposure team just released an advisory for an information disclosure and denial-of-service vulnerability in Micro Focus Operations Orchestration software. This post provides...
View ArticleClik here to view.
Slingshot Malware Uses IoT Device in Targeted Attacks
A new and very advanced malware attack has been discovered by Kaspersky Lab. The malware named Slingshot, due to a string in one of the hijacked system DLLs, is a sophisticated attack that leads to a...
View ArticleClik here to view.
AMD Flaws Acknowledged
CTS-Labs published several AMD flaws over a week ago. For those of us who read vulnerability disclosures regularly, this particular disclosure was curious. Not only was the branded website bereft of...
View ArticleClik here to view.
New in Nessus: Elliptic Curve Cryptography with SSH
Cryptography is like finding and patching system vulnerabilities. Both are a race. In the former, the race is between mathematicians finding efficient, hard-to-reverse computations and opposing...
View ArticleClik here to view.
SamSam Ransomware: How to Identify and Mitigate the Risk
As many news outlets have reported, Atlanta is recovering from an attack on its city computers that occurred on the morning of March 22. Initial reports stated and later confirmed that SamSam...
View ArticleClik here to view.
Critical Drupal Core Vulnerability: What You Need to Know
Drupal is popular, free and open-source content management software. On March 28, the Drupal security team released patches for CVE-2018-7600, an unauthenticated remote code execution vulnerability in...
View ArticleClik here to view.
5 Best Practices for Credentialed Scanning
Performing vulnerability scans with or without credentials has been a hotly debated issue: On one hand, uncredentialed scans provide security teams with a hacker’s view of the organization, with a...
View ArticleClik here to view.
Proof of Concept (and Patch) for Critical Cisco IOS Vulnerability: CVE-2018-0171
Embedi, a security firm, has discovered a major security flaw in the Cisco Smart Install code. According to Embedi and Cisco, “A vulnerability in the Smart Install feature of Cisco IOS Software and...
View ArticleClik here to view.
Nessus Turns 20!
Twenty years ago this week, I released the first public version of Nessus. Little did I know at the time the profound impact it would have both on the industry and on me personally.Over this period of...
View Article