Channel: Tenable Blog
Browsing all 1935 articles

CIS Adapts Critical Security Controls to Industrial Control Systems

The Center for Internet Security (CIS) recently updated their popular CIS Controls – formerly known as the SANS Top 20 – and just published a companion CIS Controls Implementation Guide for Industrial...

Compliance: What You Need to Know About Configuration Audit Variables

Whether assessing systems against your organization’s own security policy or industry benchmarks and standards, configuration auditing is critical to compliance. Security policies are defined via...

Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2...

A new critical remote code execution vulnerability in AVEVA’s Indusoft Web Studio and InTouch Machine Edition can be exploited to compromise sensitive operational technology. AVEVA has released a patch...

Cisco Issues Patches for 4 Critical Vulnerabilities in Cisco Policy Suite

Cisco’s Policy Suite for Mobile controls billing and access control for customer devices. Root access to this suite is concerning because of the breadth of user device access. The latest batch of Cisco...

Tenable IPO: Accelerating Our Vision

Today, Tenable officially became a public company, trading on the Nasdaq under the ticker symbol TENB. As we embark on our new chapter as a public company, I want to take this moment to thank each of...

Cybersecurity Benchmarking: Where’s The Data?

When it comes to communicating with the C-suite and Board of Directors about their organization’s cyber exposure, few IT and security professionals are happy with the benchmarking data currently...

July Vulnerability of the Month: Two Zero-Days Caught in Development

An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story. Novelty, sophistication or just plain weirdness are some of the...

Underminer Exploit Kit: How Tenable Can Help

The “Underminer” exploit kit is having widespread impact in Asian countries, particularly Japan. Thankfully, mitigation is relatively simple and involves patching and other well-known security best...

How Mature Are Your Cyber Defender Strategies?

Our latest research examines real-world vulnerability assessment practices at 2,100 organizations to understand how defenders are approaching this crucial step in cyber hygiene. For our latest research...

Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices

Amazon Web Services (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Here are five solutions you can use to evaluate the security of data stored in...

Faxsploit Allows Remote Code Execution Through HP All-in-One Printers

A new exploit demonstrated by Check Point Research at DEF CON last week leverages vulnerabilities in all-in-one printers, potentially allowing attackers to take control of other devices on the...

Foreshadow: Speculative Execution Attack Targets Intel SGX

A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege...

Oracle JavaVM Database Takeover

A new vulnerability discovered in the Oracle Database JavaVM component can result in complete database compromise and shell access to the underlying server. Background: Oracle released an out-of-band...

SecurityCenter Innovation Continues with 5.7 Release

Tenable SecurityCenter 5.7 enhancements address the vulnerability management (VM) needs of today’s modern and highly mobile workforce. As digitization continues and companies invest in a highly mobile...

New Apache Struts Vulnerability Could Allow for Remote Code Execution

Researchers at Semmle have disclosed a critical vulnerability in Apache Struts, similar to the vulnerability at the root of the Equifax breach. Our advice? Update now! Background: Semmle researchers...

Microsoft Scheduler Zero-Day Exploit Available in the Wild: Caution Urged

The exploit -- which impacts the Advanced Local Procedure Call (ALPC) interface -- gives standard Windows users the ability to raise their privileges. Malware authors will no doubt be leveraging this...

Tenable Welcomes Diwakar Dayal to the Role of Managing Director, India and SAARC

Dayal’s appointment to this newly created role demonstrates Tenable’s strong, ongoing commitment to the India and SAARC region. Today, I’m delighted to announce the appointment of Diwakar Dayal to the...

August Vulnerability of the Month: Critical Vulnerability in Oracle WebLogic...

In August, Tenable Research voted to highlight CVE-2018-2893 in Oracle WebLogic Server because it was almost immediately exploited by multiple threat actors. Novelty, sophistication or just plain...

Cisco Critical Advisories for September Includes Patch for Struts Vulnerability

Cisco has released advisories for 29 issues, including three critical vulnerabilities. The update also includes a patch for CVE-2018-11776 in Apache Struts. Background: On Wednesday, September 5, Cisco...

Tenable Research Advisory: Advantech WebAccess Remote Command Execution Still...

Tenable Researcher Chris Lyne discovered that Advantech WebAccess versions 8.3, 8.3.1 and 8.3.2 are still vulnerable to remote command execution CVE-2017-16720, which was originally disclosed by ZDI in...
