These Are the Building Blocks of Effective Vulnerability Management
High-performing cybersecurity teams base their actions and investments on actual risk to the business — not theoretical scores or news headlines. If you're like most cybersecurity professionals I talk...
Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum...
In the run-up to Elon Musk hosting NBC’s Saturday Night Live and the potential mention of Dogecoin on the show, scammers quickly capitalized on his appearance by promoting fake giveaways on Twitter and...
The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk
Tenable's Security Response Team examines some of the most common Active Directory misconfigurations targeted by attackers and offers proactive measures to help cyber defenders disrupt attack paths....
CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution
VMware has issued patches for a critical remote code execution vulnerability in vCenter Server. Organizations are strongly encouraged to apply patches as soon as possible. Background: On May 25, VMware...
The Implications of DHS-TSA Directive Pipeline 2021-1
The Department of Homeland Security has issued key guidance for oil and gas operations in the wake of recent cyberthreats. Here are three practical ways to disrupt attack paths in your OT...
Identifying Prototype Pollution Vulnerabilities: How Tenable.io Web...
Prototype pollution vulnerabilities are complex issues which can put your web applications and users at serious risk. Learn how these flaws arise and how Tenable.io Web Application Scanning can...
Microsoft’s June 2021 Patch Tuesday Addresses 49 CVEs (CVE-2021-31955,...
Microsoft addresses 49 CVEs with six having been observed as exploited in the wild. 5 Critical, 44 Important, 0 Moderate, 0 Low. Microsoft patched 49 CVEs in its June 2021 Patch Tuesday release, including five CVEs...
How to Protect Active Directory Against Ransomware Attacks
Ransomware attacks every type of organization from every angle and Active Directory remains the common target. Stop privilege escalation by fixing these key AD and group policy...
Microsoft Teams: Vulnerability in Microsoft Power Apps Service Allows Theft...
A flaw in Microsoft Power Apps could allow attackers to steal emails, Teams messages and OneDrive files. Background: Microsoft recently patched a vulnerability in Microsoft Teams, a business communication...
How to Discover and Continuously Assess Your Entire Attack Surface
To eliminate network blind spots and fully understand your entire attack surface, it's essential to determine which discovery and assessment tools are required for each asset type. If you've been in...
8 Active Directory Best Practices to Minimize Cybersecurity Risk
Follow these best practices to harden your Active Directory security against cyberattacks and stop attack paths. Active Directory (AD) equips businesses using Windows devices to organize IT management...
Configuring The Ports That Nessus Scans
When only select ports require scanning, use these easy steps to define them. When assessing targets with a network scanner like Nessus, a common question is "How do I control the ports that Nessus tests...
CVE-2021-20019: SonicWall Fixes Incomplete Patch for CVE-2020-5135
SonicWall issues a new advisory and CVE identifier to address an incomplete fix for CVE-2020-5135. Background: On June 22, SonicWall published an advisory (SNWLID-2021-0006) to address an incomplete fix...
Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads...
Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads...
CVE-2020-3580: Proof of Concept Published for Cisco ASA Flaw Patched in October
Researchers at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit. Background: On October 21,...
Find Your Fit on Team Tenable
Engineering, human resources, product management and billing: Here's how four employees with a wide range of skills are making their mark in cybersecurity. At Tenable, we're united in a common mission:...
CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler...
Researchers published and deleted proof-of-concept code for a remote code execution vulnerability in Windows Print Spooler, called PrintNightmare, though the PoC is likely still available. Background: At...
From Vulnerability Discovery to Remediation: How Tenable and HCL BigFix Can Help
Reducing the time required to move from vulnerability assessment to remediation is a never-ending challenge for most organizations. Here's how the integration between Tenable and HCL BigFix can help...
CVE-2021-30116: Multiple Zero-Day Vulnerabilities in Kaseya VSA Exploited to...
Zero-day vulnerabilities in popular remote monitoring and management software targeted by threat actors to distribute ransomware to reportedly over one million systems. Update July 6, 2021: Tenable is...
CVE-2021-34527: Microsoft Releases Out-of-Band Patch for PrintNightmare...
Microsoft issues an out-of-band patch for critical ‘PrintNightmare’ vulnerability following reports of in-the-wild exploitation and publication of multiple proof-of-concept exploit scripts. Background: On...