Channel: Tenable Blog
Browsing all 1935 articles

CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR...

Cisco warns of two zero-day denial-of-service vulnerabilities in its IOS XR Software actively exploited in the wild. Background: On August 29, 2020, Cisco published an advisory regarding a zero-day...

What COVID-19 Response Strategies Tell Us About the Business-Cybersecurity...

As organizations around the world raced to develop strategies to respond to the COVID-19 pandemic, an independent business risk study shows cybersecurity leaders were largely left out. The way in which...

Critical Vulnerability in File Manager WordPress Plugin Exploited in the Wild

Attackers have begun to target a vulnerability in a popular WordPress plugin with over 700,000 active installations, attempting to inject malicious code. Background: On September 1, researchers at...

TikTok Ad Scams: Insufficient Moderation Leaves 'For You' Page Filled with...

TikTok’s popular “#ForYou” page has become a habitat for scammers peddling fake mobile applications, diet pills, drop-shipped goods, fake gift cards and more. The fate of TikTok’s operations in the...

Microsoft’s September 2020 Patch Tuesday Addresses 129 CVEs

For the fourth month in a row, Microsoft patches over 120 CVEs, addressing 129 CVEs in its September release. Microsoft patched 129 CVEs in the September 2020 Patch Tuesday release, including 23 CVEs...

CVE-2020-2040: Critical Buffer Overflow Vulnerability in PAN-OS Devices...

PAN-OS devices that have enabled the captive portal or multi-factor authentication features are vulnerable to a critical buffer overflow flaw. Background: On September 9, Palo Alto Networks (PAN)...

Understanding Cross-Origin Resource Sharing Vulnerabilities

To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource Sharing. Today’s modern web applications rely...

How to Maximize Compliance Scans with Nessus

Conduct compliance audit scans effectively and efficiently with Nessus Professional by leveraging these best practices. Tasks required to maintain compliance don't find themselves on most people's...

CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to...

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). Background: On September 11, researchers at Secura...

Communicating Business Risk: Why Existing Cybersecurity Metrics Fall Short

How do you communicate the business risk context of your cybersecurity program to your organization’s C-level executives? This is a question I grapple with every day in my role as a cybersecurity...

US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target...

CISA warns that foreign threat actors from China and Iran are routinely targeting unpatched vulnerabilities across government agencies and U.S.-based networks. Background: On September 14 and September...

A Practitioner’s Perspective on Risk-Based VM: What People, Processes and...

Moving from legacy vulnerability management to a risk-based approach can be a paradigm shift, requiring not only new technologies, but changes in your existing processes and procedures. Here’s a brief...

Cybersecurity for Critical Infrastructure: How CISA Programs, New Legislation...

Recent efforts by the U.S. Cybersecurity and Infrastructure Agency, combined with significant bills coming out of the House and Senate, are putting critical infrastructure operators on a path towards...

Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control...

Six vulnerabilities in a popular license management product put industrial control systems at risk for remote attacks. Background: On September 8, researchers at Claroty published their detailed...

5 Steps for Becoming a Business-Aligned Cybersecurity Leader

Independent business risk study shows when security and the business are aligned around agreed-upon contextual data, they deliver demonstrable results. Here's how to get there. Folks, cybersecurity is...

Beware the Chatbots: You May Be At Risk

With the increasing use of chatbots as a frontline tool for businesses, organizations need to take a closer look at the security of such services and include them in their threat model. Chatbots, such...

How to Make the Most of Your Nessus Trial

There's plenty you can do during Nessus Professional's free trial period to experience the strength of the No. 1 vulnerability assessment platform. It's not always easy to know what to make of free...

How Tenable Engineering Stays Connected in the COVID-19 Era

Supporting remote engineering teams requires intentional efforts to spur social engagement and make it easier for employees to unplug from work. Here are some tactics your team can use to drive...

Tenable’s Cyber Exposure Management Platform Enhancements Help You See,...

Armed with these new capabilities, Tenable users will be equipped to see everything, predict what matters most and act to address cyber risk so they can effectively align their cybersecurity...

CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP...

Vulnerabilities in HP Device Manager could be chained to achieve unauthenticated remote command execution.BackgroundOn September 25, HP published a security bulletin to address multiple vulnerabilities...
