Oracle April 2020 Critical Patch Update Includes Record-Breaking 397 Security...
Oracle’s second Critical Patch Update of 2020 addresses 450 CVEs across a record-breaking 397 security patches, including critical vulnerabilities in Oracle Fusion Middleware products. Background: On...
Designing IT Infrastructure for a Distributed Workforce: Insights from a CIO
As remote work becomes the rule rather than an exception, organizations need new ways of thinking about IT. Here are some steps you can take to deliver on the promise of a distributed workforce. Over...
What Is VPR and How Is It Different from CVSS?
This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR...
How to Deploy Nessus Agents to Remote Assets
Nessus Agents are essential to help secure remote endpoints against dangerous vulnerabilities and misconfigurations. This post offers guidance on how to streamline agent deployment at scale. As...
How to Protect Yourself from Software Vulnerabilities
Identifying software vulnerabilities is essential in protecting your business against cybersecurity threats. From ransomware to data heists, a wide range of attack types use software vulnerabilities as...
How to Manage Your Nessus Software Updates
Learn how to take advantage of the newest features in Nessus 8.10 to get greater control over your Nessus experience. Manual or automated – that is the question. Nessus Professional 8.10 offers system...
ADV200004: Microsoft Releases Out-of-Band Advisory to Address Flaws in...
Microsoft responds to a recent security advisory from Autodesk by publishing an out-of-band advisory for Office products integrating the Autodesk library. Background: On April 15, Autodesk released a...
Multiple Zero-Day Vulnerabilities in iOS Mail App Exploited in the Wild
Patches for a pair of critical iOS vulnerabilities are currently in beta, as users are strongly encouraged to disable accounts in their Mail app until the fixes are generally available. Background: On...
What You Need to Know About the Cyberspace Solarium Commission Report...
Last month, the U.S. Cyberspace Solarium Commission provided recommendations to help prepare for major cyberattacks on our critical infrastructure and economic system. Here are our thoughts. In March,...
This Is How to Do Simple, Fast and Accurate Web App Security
Web apps are the most common attack vector causing data breaches today. Here’s how Tenable.io Web Application Scanning, built by Tenable Research, can help security teams protect their web app...
CVE-2020-12271: Zero-Day SQL Injection Vulnerability in Sophos XG Firewall...
Sophos pushes a hotfix to address an SQL injection vulnerability in Sophos XG Firewall that was exploited in the wild. Background: On April 22, Sophos published a knowledge base entry on the Sophos...
Why You Need to Stop Using CVSS for Vulnerability Prioritization
Most cybersecurity teams rely on the Common Vulnerability Scoring System (CVSS) to prioritize their vulnerability remediation efforts. But they fail to realize that CVSS is an outdated, ineffective...
Coding from Home: 6 Simple Hacks for Boosting Your Productivity
Working from home poses distinct challenges for engineers who rely on sustained periods of focus. Here are some survival tips from one of Tenable’s senior software engineers for staying productive in a...
New Approaches for the “New Normal” in State and Local Government Cyber Defense
Adjusting to the new normal, state and local governments need to be more vigilant and streamlined in protecting their environments against cyber predators. What tactics can help provide high levels of...
How to Protect Scanning Credentials: Overview
Running remote vulnerability scans of your network? This three-part blog series will equip you with tips on how to keep your scanning credentials safe. Assessing systems remotely on a network has been a...
How VPR Helped Prioritize the Most Dangerous CVEs in 2019
How do VPR and CVSS compare when assessing the most dangerous CVEs in 2019? Let’s find out. Two weeks ago, we kicked off a blog series on vulnerability priority rating (VPR), with a post focused on the...
WordPress E-Learning Plugin Vulnerabilities Range from Cheating to Remote...
Several flaws in popular WordPress E-Learning plugins LearnPress, LearnDash and LifterLMS could allow for cheating, students gaining teacher privileges and exposure of sensitive personal...
CVE-2020-11651, CVE-2020-11652: Critical Salt Framework Vulnerabilities...
Shortly after the public disclosure of critical vulnerabilities in the Salt framework, exploitation attempts were observed, as two open source projects were breached using these flaws. Background: On...
Instacart Patches SMS Spoofing Vulnerability Discovered by Tenable Research
As grocery delivery services have seen an increase in traffic from users during the coronavirus pandemic, Tenable Research identified an SMS spoofing flaw that could have allowed an attacker to send...
4 Major Signs You Need to Focus on Network Vulnerabilities
Network vulnerabilities can manifest in many forms. It's critical that you remain on the lookout for some of their most notable signs and work to address them sooner rather than later. There's no...