Advisory: Red Hat DHCP Client Command Injection Trouble
On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The...
May Vulnerability of the Month: Java Deserialization Everywhere
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the...
Spectre And Meltdown Still Haunting Intel/AMD
The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) and Microsoft, the new variants affect everything from desktops, laptops...
Web Application Scanning On-Prem Now Available
Earlier this year, we introduced Tenable.io on-prem, an on-prem deployment option for our Cyber Exposure platform. While Tenable.io is first and foremost a cloud-delivered platform, Tenable.io on-prem...
Eliminating the Attacker's Advantage - Why Original Research Matters
One problem which has been lingering for too long in the security industry is the concept that “security research” has long been way more of an art than a science. As our industry matures, we need to...
Quantifying the Attacker’s First-Mover Advantage
Tenable Research has just released a report on the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed. For...
Unveiling Tenable’s New Technical Support Plan
In today’s changing threat landscape, protecting your organization and its data from modern attacks is critical. Many organizations rely on Tenable® for their vulnerability management and Cyber...
How to Secure Public Cloud and DevOps? Get Unified Visibility.
One of the most transformative changes in the IT industry over the last decade has been the adoption of public cloud (IaaS) services such as AWS, Azure and GCP. Public clouds are more than “just”...
Zip Slip Critical Archive Extraction Vulnerability
Security slipup with Zip Slip. Yesterday, the Snyk Security team released information about a widespread archive extraction vulnerability known as Zip Slip. Zip Slip allows cyberattackers to write...
Subscription Auto-Renewal Program: New Options to Save You Time
On June 11, we’re rolling out a subscription auto-renewal program for customers who purchased through our eCommerce site after July 10, 2017. We created the auto-renewal program with one goal in mind:...
Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability
The Adobe Flash Player is widely adopted and a choice target for attackers given its history with vulnerabilities and the potential footprint exploits can have. Adobe consistently provides security...
Critical Cisco Secure Access Control System (ACS) Vulnerability
Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the...
Should You Still Prioritize Exploit Kit Vulnerabilities?
One of the greatest challenges that enterprises face is prioritizing vulnerabilities for remediation. Trying to determine which vulnerabilities pose a true imminent risk deserving of immediate...
ICS/SCADA Smart Scanning: Discover and Assess IT-Based Systems in Converged...
ICS/SCADA Smart Scanning discovers and thoroughly assesses IT-based systems in the converged IT/OT environment, while reducing the risk of disrupting OT devices. Increasingly, operational technology...
Apple Code-Signing Flaw: Developers Beware
Okta’s Research and Exploitation team released details on June 12 about an issue with third-party code-signing validation using Apple’s APIs. The flaw, which dates back to 2005, makes it possible for...
June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to...
Gain Greater Insight into Operational Technology Environments
Award-winning Tenable® Industrial Security adds approximately 350 new operational technology (OT) asset detections and delivers interactive 2D topology mapping and 3D visualization. Tenable Industrial...
Cisco ASA Exploited in the Wild; FXOS, NX-OS Get High-Priority Patches
Cisco released a high-severity patch update for CVE-2018-0296 on June 22 which affects the Adaptive Security Appliance (ASA). There’s no time to waste in deploying this patch, as the company’s advisory...
Tenable Research: May Vulnerability Disclosure Roundup
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to...
Is Your DevOps Secure?
DevOps has become a competitive advantage for many organizations. However, many of these processes are not secure and raise serious challenges for cybersecurity professionals. Here’s how...