Channel: Tenable Blog
Browsing all 1935 articles

CVE-2020-8193, CVE-2020-8195, and CVE-2020-819: Active Exploitation of Citrix...

Following active exploitation against F5 BIG-IP devices, exploit attempts targeting newly disclosed vulnerabilities in Citrix products have begun, which include potential extraction of VPN sessions on...

What's in Your Cybersecurity Arsenal? Penetration Testing and Other Top Tactics

Take a look at key tools for your cybersecurity arsenal, including penetration testing, threat modeling and more. Determining your organizational approach to cybersecurity — which tools you use, how you...

Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and...

Threat actors utilize publicly available proof of concept code and exploit scripts to target unpatched vulnerabilities within organizations and government entities. Background: On June 19, the Australian...

CVE-2020-3452: Cisco Adaptive Security Appliance and Firepower Threat Defense...

After Cisco disclosed a serious vulnerability in its Adaptive Security Appliance and Firepower Threat Defense, one of the security researchers credited with its discovery released proof of concept code...

CISA / NSA Alert AA20-205A

What Every OT Professional Needs To Know. Today’s joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very...

Tenable Earns SC Media’s Highest Rating for Risk-Based Vulnerability Management

SC Media recently conducted comprehensive product reviews of Tenable.io and Tenable Lumin, assessing them based on SC Labs’ standards of overall performance, ease of use, features, documentation,...

How to Build the Most Effective Information Security Framework

Build a comprehensive defense against cyberattacks with a strong information security framework that leverages the world's best standards and infosec tools. A term like "information security...

CVE-2020-10713: “BootHole” GRUB2 Bootloader Arbitrary Code Execution...

Recently disclosed vulnerability in GRUB2 bootloader dubbed “BootHole” could allow an attacker to gain silent malicious persistence by attacking the GRUB2 config file, grub.cfg. Background: On July 29,...

Conversational Kotlin: A Look at the Benefits of Readable Code

In the latest blog from Engineering@Tenable, we explore how the goal of readable code can help engineering teams minimize errors and expedite software updates. It’s probably a safe assumption that most...

Why Accidental Convergence Requires Purposeful Industrial Security

The digital “air gap” is no longer a viable strategy when it comes to securing industrial environments. Here are the safeguards you need to protect against threats across the converged IT/OT...

Ripple20: More Vulnerable Devices Discovered, Including New Vendors

A partnership between Tenable and JSOF continues to uncover additional devices vulnerable to Ripple20. Background: On June 16, researchers from JSOF research lab disclosed a set of 19 vulnerabilities,...

Aligning Cybersecurity and Business: Nobody Said It Was Easy

The bad news? There's a disconnect between business and cybersecurity. The good news? Aligning them can make all the difference. If you’ve served as a CISO, CSO or other cybersecurity leader for any...

Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed

Researcher identifies a zero-day vulnerability that bypasses a fix for CVE-2019-16759, a previously disclosed remote code execution vulnerability in vBulletin. Attacks have already been observed in the...

Microsoft’s August 2020 Patch Tuesday Addresses 120 CVEs (CVE-2020-1337)

Microsoft patched 120 CVEs in August, marking the sixth month in a row of addressing over 100 CVEs. Microsoft, for the sixth month in a row, patched over 100 CVEs in the August 2020 Patch Tuesday...

CVE-2019-0230: Apache Struts Potential Remote Code Execution Vulnerability

Apache published two security bulletins to address a potential remote code execution vulnerability and a denial of service vulnerability. Public proof of concept code is available. Background: On August...

How to Achieve 20/20 Visibility in Your OT Security

With IT assets comprising 20-50% of modern industrial environments, OT security leaders need technology that can deliver visibility across the converged IT/OT attack surface. Think back to a recent...

Why Cybersecurity Leaders Struggle to Answer the Question ‘How Secure Are We?’

Independent business risk study shows cybersecurity is seldom fully integrated into business strategy – and it needs to be. Picture this: a headline-grabbing vulnerability has been disclosed. It’s all...

The Overlooked Key to CISO Success: Maximizing Effective Security Partnerships

As CISOs seek to consolidate vendors and reduce costs, building effective relationships with key security vendors can be the foundation for security program success. Many security leaders take a “check...

4 Best Practices for Credentialed Scanning with Nessus

Observing these best practices for credentialed scanning will help you paint the clearest picture of your network's potential vulnerabilities. Vulnerability scanning represents one of the most important...

CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento...

Tenable Research discovers multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Background: On September 1, we published TRA-2020-51,...
