TL;DR: The Tenable Research 2020 Threat Landscape Retrospective
Tenable’s Security Response Team takes a look back at the major vulnerability and cybersecurity news of 2020 to develop insight and guidance for defenders. Søren Kierkegaard, the Danish philosopher,...
DNSpooq: Seven Vulnerabilities Identified in dnsmasq
Researchers identify seven vulnerabilities in popular Domain Name System software. Background: On January 19, researchers from the JSOF Research lab disclosed seven vulnerabilities in dnsmasq, a widely...
Ready to Test Your Hacking Skills? Join Tenable’s First CTF Competition!
Tenable launches new Capture the Flag event for the security community, running from February 18–22. Capture the Flag events are a tried and true way of testing your cybersecurity skills, practicing new...
Oracle January 2021 Critical Patch Update Includes Fixes for Five Critical...
Oracle’s first Critical Patch Update of 2021 addressed 329 security updates across 25 product families, including five new critical flaws in Oracle WebLogic Server. Background: On January 19, Oracle...
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
With the rise of daisy-chained cyberattacks, security teams must consider the contextual risk of each vulnerability, including its potential to be leveraged in a full system compromise. Faced with...
CVE-2020-6207: Proof of Concept Available for Missing Authentication...
A researcher has published a proof-of-concept exploit script for a critical SAP vulnerability patched in March 2020 and attackers have begun probing for vulnerable SAP systems. Background: On January 14,...
OT Incident Response: 4 Reasons Asset Inventory Is Key
Without a detailed view of the assets and vulnerabilities across your OT environment, security leaders face increased costs and delays when it comes to incident response efforts. Last week on Twitter...
Cloud Security: Improve Cyber Hygiene with Resource Tagging
Adopting consistent tagging practices can help to quickly identify resources, ensure change control efforts, and reduce security risks within your cloud environments. Many organizations use the cloud to...
Securing Classified Telework: 3 Principles for Protecting Sensitive Data
As pandemic restrictions linger, federal agencies are preparing for a rise in classified telework. Here’s why a continued focus on cybersecurity fundamentals is imperative. The COVID-19 pandemic...
NERC CIP-008-6: How Power Grid Operators Can Improve Their Incident Reporting
The new NERC CIP-008-6 regulation challenges power grid operators to differentiate attempts to compromise their environment from other non-malicious cyber incidents. Here’s how Tenable can help. For...
Protecting Your Cloud Assets: Where Do You Start?
When securing dynamic cloud environments, the ability to continuously discover and assess cloud assets allows you to quickly detect issues as new vulnerabilities are disclosed and as your environment...
CVE-2021-20016: Zero-Day Vulnerability in SonicWall Secure Mobile Access...
SonicWall releases a patch after researchers confirm exploitation of a zero-day vulnerability in SonicWall Secure Mobile Access. Background: On January 22, SonicWall published a product notification...
CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in...
Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021. Background: On February 4, Google published a stable channel update for...
Reducing Blind Spots in Cybersecurity: 3 Ways Machine Learning Can Help
Faced with an expanding attack surface and limited resources, security teams can apply machine learning to prioritize business risks and help predict what attackers will do next. In today’s...
When It Comes to Your Drinking Water, How Safe Is Your Operational Technology?
The recent intrusion of a Florida water-treatment plant highlights the need for strong protection of industrial control systems. Here's what you should consider. This past Friday, in Oldsmar, Florida,...
CVE-2020-1472: Microsoft Finalizes Patch for Zerologon to Enable Enforcement...
Zerologon has quickly become valuable to nation-state threat actors and ransomware gangs, making it imperative for organizations to apply these patches immediately if they have not yet done...
Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074,...
Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability...
NUMBER:JACK: Nine Vulnerabilities Across Multiple Open Source TCP/IP Stacks
Nine new vulnerabilities have been identified across several TCP/IP stacks embedded in millions of OT, IoT and IT devices, spurring continued scrutiny of these already vulnerable asset...
Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk
Building a precise inventory of existing assets across your attack surface is essential for effective vulnerability management. Here's how the asset detection process in Nessus scanners can...
Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets
Your scheduled vulnerability scans may not catch short-lived cloud assets, creating opportunities for cybercriminals to exploit security gaps. The elastic nature of cloud environments allows cloud...