Channel: Tenable Blog
Browsing all 1935 articles

CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483: Four Critical...

One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background: On April 13,...

Tenable and the Path to Zero Trust

The simplicity of the zero-trust concept belies the complexity of implementing it in most large organizations. Here are four factors to consider before you begin the journey. Zero trust, a cybersecurity...

NAME:WRECK: Nine DNS Vulnerabilities Found in Four Open Source TCP/IP Stacks

Nine new DNS-related vulnerabilities have been identified across TCP/IP stacks embedded in millions of devices. Background: On April 13, 2021, researchers at Forescout and JSOF published a report called...

CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in...

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Background: On April 20, Pulse Secure, which was acquired by...

Oracle April 2021 Critical Patch Update Addresses 257 CVEs including...

Oracle addresses over 250 CVEs in its second quarterly update of 2021 with 390 patches, including 34 critical updates. Background: On April 20, Oracle released its Critical Patch Update (CPU) for April...

Tenable Assure: Announcing the 2021 Global Partner Award Winners

Celebrating the elite defenders who are helping organizations around the world conquer their cyber risk. Cybersecurity is always a team effort. Day in, day out, defenders rely on an ecosystem of teams,...

Securing Active Directory: 3 Ways to Close the No-Password Loophole

Any Active Directory user can have their password requirements negated with a simple command. Here’s how to identify these gaps before an attacker does. With Active Directory being around for so long,...

Securing Active Directory: How to Prevent the SDProp and adminSDHolder Attack

Attackers can get into your Active Directory by leveraging the SDProp process and gaining privileges through the adminSDHolder object. Here's how to stop them. Attackers use every possible trick and...

How to Stop the Kerberos Pre-Authentication Attack in Active Directory

Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication. As part of the Kerberos authentication process in Active Directory, there is an...

Primary Group ID Attack in Active Directory: How to Defend Against Related...

The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a...

Insider Threats in Active Directory: How to Safeguard Privileged and...

In this post, we define privileges related to Active Directory and highlight the key security risks of internal privileged and non-privileged user groups. What do we mean by “privileges”? For the purpose...

The Top 10 Active Directory Security Questions CISOs Must Ask

Active Directory has become the primary target for advanced cyberattacks and ransomware groups. Here's what you should consider when evaluating security vendors. For more than 20 years, Active Directory...

How to Migrate to Office 365 the Secure Way

Looking to extend your Active Directory to the cloud? This guide explores options for securely migrating your on-prem identities and access controls to Office 365. Cloud computing offers lower costs,...

Disrupting Attack Paths: Why Tenable's Acquisition of Alsid Matters

This acquisition allows us to combine Tenable's ability to assess the state of the digital infrastructure with Alsid's ability to assess the state of Active Directory, helping security professionals...

Disrupting the Pervasive Attacks Against Active Directory and Identities

Securing Active Directory and the identity infrastructure is critical for preventing privilege escalation, lateral movement and attacker persistence. As we look deeper into recent high-profile breaches,...

Open Banking Is the Future: 5 Ways to Secure Your Network

The sharing of financial data across applications is changing how consumers save, manage and spend their money. Here's how financial institutions can secure the next generation of banking. Open banking...

Colonial Pipeline Ransomware Attack: How to Reduce Risk in OT Environments

It's time for Operational Technology (OT) environments to pursue a more proactive approach to cybersecurity by making cyber maintenance as much of a routine practice as the mechanical maintenance of...

GitHub’s Role in, and Responsibility to, the Security Community

GitHub's decision to remove the ProxyLogon exploit proof-of-concept from its platform put security researchers at a disadvantage even as attackers continued to exploit the vulnerabilities en...

Microsoft’s May 2021 Patch Tuesday Addresses 55 CVEs (CVE-2021-31166)

After crossing the 100 CVEs patched mark for the first time in April, Microsoft patched just 55 CVEs in May, the lowest number of CVEs patched this year. 4 Critical, 50 Important, 1 Moderate, 0 Low. Microsoft...

The Path to Zero Trust: Is it Time to Rethink What We're Calling a...

Reconsidering how we define "vulnerability" is more than a thought exercise. It could represent a sea change in how organizations manage risk. For most of us in cybersecurity, the definition of...
