Tenable Is Cited As A Leader in Vulnerability Risk Management by Independent...
The company is top-ranked in strategy and current offering. Tenable was among 13 select companies invited by Forrester to participate in its October 17, 2019, Forrester Wave™ evaluation, Vulnerability...
CVE-2019-7609: Exploit Script Available for Kibana Remote Code Execution...
An exploit script for the previously patched Kibana vulnerability is now available on GitHub. Background: On October 21, an exploit script was published to GitHub for a patched vulnerability in Kibana,...
This Is How Public-Private Partnerships Strengthen Grid Security
In recent years, the increased availability of IoT and OT devices has enabled the electric grid to operate more efficiently. But, these devices also expand the cyber threat landscape, creating prime...
Cash App Scams: Legitimate Giveaways Provide Boost to Opportunistic Scammers
Scammers target vulnerable Cash App users on Twitter and Instagram through fake requests, money flipping and mobile application referrals, while YouTube videos promote fake Cash App generators. Here’s...
Cash App Scams: Giveaway Offers Ensnare Instagram Users, While YouTube Videos...
Cash App scammers are targeting users on Instagram and YouTube. Here’s what you need to know about their tactics — and how to avoid being conned. In part one of our two-part series on Cash App scammers,...
CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to Remote Code Execution...
Web servers using nginx and PHP-FPM are vulnerable to this flaw under certain conditions. Background: On October 22, security researcher Omar Ganiev published a tweet regarding a “freshly patched” remote...
CVE-2019-13720: Use-After-Free Zero Day in Google Chrome Exploited in the Wild
Though details are scant, Google released a patch for a Google Chrome vulnerability that has been exploited in the wild as a zero day. Background: On October 31, Google published a Stable Channel Update...
CVE-2019-0708: BlueKeep Exploited in the Wild to Deliver Cryptocurrency Miner
Researchers identify the first in-the-wild exploit of the BlueKeep vulnerability nearly six months after it was disclosed. Background: On November 2, security researchers Kevin Beaumont (@GossiTheDog) and...
Microsoft's November 2019 Patch Tuesday: Tenable Roundup
With over 70 CVEs, Microsoft’s November 2019 Patch Tuesday corrects 13 critical vulnerabilities, including a patch for an Internet Explorer vulnerability exploited in the wild. Microsoft’s November...
CVE-2019-12409: Default Configuration in Apache Solr Could Lead to Remote...
Linux servers using Apache Solr versions 8.1.1 and 8.2.0 with default configurations are potentially vulnerable to remote code execution. Background: On July 22, 2019, a configuration flaw in versions...
CVE-2019-14271: Proof of Concept for Docker Copy (docker cp) Vulnerability...
Proof-of-concept (PoC) code for a security flaw in Docker, the popular containerization platform, is now public. Background: On November 19, researchers at Unit 42, Palo Alto Networks’ research team,...
How Vulnerability Scanning Is Used for Penetration Testing
By the time a data breach occurs, it may be too late to measure the effectiveness of your vulnerability management program. Penetration testing can help detect weaknesses – before threat actors do....
Apache Solr Vulnerable to Remote Code Execution Zero-Day Vulnerability
Apache Solr remains vulnerable to a zero day weeks after proof-of-concept code became public. Background: On October 29, a proof of concept (PoC) for a remote code execution (RCE) vulnerability in Apache...
How to Audit Microsoft Azure with Tenable Solutions
Microsoft Azure is a cloud offering that provides infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS) solutions. With the complexities associated with the...
Giving Tuesday at Tenable: A Look at We Care → In Action
In the spirit of Giving Tuesday, we’re featuring the Multiple Sclerosis Foundation, Tenable’s We Care → In Action global cause for 2019. Here, our own Adrian Morgan, senior marketing operations...
A Look at the Vulnerability-to-Exploit Supply Chain
Last week, Tenable Research released the report, How Lucrative Are Vulnerabilities? A Closer Look at the Economics of the Exploit Supply Chain, which takes a close look at the vulnerability-to-exploit...
Why Security and Legal Need to Work Together
This three-part blog series explores the relationship between law and security, as it pertains to vulnerability management. In part one, we’ll look at how the changing field of cybersecurity requires...
3 Reasons Why Your Business Is Vulnerable to Cyber Threats
Today’s cyber landscape changes in the blink of an eye. It’s critical to understand why your business is vulnerable – so you can take the right steps to protect it. According to Ponemon Institute’s...
Microsoft's December 2019 Patch Tuesday Includes Fix for Zero Day Exploited...
Microsoft closes out 2019 by patching 36 CVEs, including one flaw that was exploited in the wild as a zero-day. Microsoft sent administrators around the world an early holiday gift with a...
5 Questions to Ask Legal About Vulnerability Disclosure
In part two of our series exploring the relationship between law and security, we’ll look at the key questions cybersecurity should ask legal when a company learns about a vulnerability in a product...