Clik here to view.
Dealing with the Attack Surface Beyond Vulnerabilities
A good understanding of the attack surface is of prime importance in measuring and prioritizing risk. Here's how Tenable's data can allow security professionals to have a more realistic view of their...
View ArticleClik here to view.
Zero Day Vulnerabilities in Industrial Control Systems Highlight the...
The disclosure of zero day vulnerabilities in several Schneider Electric industrial control systems highlights the need to revamp cybersecurity practices in operational technology environments. A zero...
View ArticleClik here to view.
Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979,...
Microsoft highlights 116 CVEs including two which were addressed by April patches.12Critical103Important1Moderate0LowMicrosoft patched 116 CVEs in the July 2021 Patch Tuesday release, including 12 CVEs...
View ArticleClik here to view.
Cut Through the Marketing Hype: Determine Which Vulnerability Assessment Tool...
Not all scanning solutions are created equal…The vulnerability assessment market has changed dramatically over the past several years. A growing number of vendors who once provided scan tools that...
View ArticleClik here to view.
CVE-2021-35211: SolarWinds Serv-U Managed File Transfer Zero-Day...
Following a patch for a zero-day vulnerability in SolarWinds’ Serv-U Managed File Transfer, researchers share new details about the attacks, as over 8,000 systems remain publicly accessible and...
View ArticleClik here to view.
You Can't Modernize Critical Infrastructure Without Cybersecurity
Will bipartisan legislation in the U.S. make securing IT and operational technology a priority?U.S. lawmakers have an unprecedented opportunity to vastly improve the cybersecurity posture of the...
View ArticleClik here to view.
How to Measure the Efficacy of Your Cybersecurity Program: 5 Questions to Ask
When it comes to measuring the efficacy of your security efforts, understanding how your program stacks up against peers can reveal where key improvements or investments are needed. Proving success in...
View ArticleClik here to view.
Focus on the Fundamentals: 6 Steps to Defend Against Ransomware
Ransomware is the monetization of poor cyber hygiene. Here are 6 steps you can take to improve your security defenses.Ransomware attacks have become a boardroom issue for nearly every organization. In...
View ArticleClik here to view.
Oracle July 2021 Critical Patch Update Addresses 231 CVEs
Oracle addresses 231 CVEs in its third quarterly update of 2021 with 342 patches, including 49 critical updates. BackgroundOn July 20, Oracle released its Critical Patch Update (CPU) for July 2021, the...
View ArticleClik here to view.
How to Improve Your Cybersecurity Decision-Making to Reduce Business Risk
Increase your program efficacy by identifying the metrics that offer the right context to aid decision making across the executive, strategic and tactical levels of your organization.The challenges for...
View ArticleClik here to view.
New In Nessus: Find and Fix These 10 Active Directory Misconfigurations
Let's face it: Active Directory is a feeding frenzy for hackers. Here's how our updated Nessus scan engine can help you disrupt attack paths.Active Directory (AD) has been the leading identity and...
View ArticleClik here to view.
How Risk-based VM Can Help Address the Most Commonly Exploited...
Tenable's analysis of the 29 vulnerabilities highlighted in a recent CISA alert reveals key differences between CVSS and our Vulnerability Priority Rating.Attackers continue to exploit known and...
View ArticleClik here to view.
How to Strengthen Active Directory and Prevent Ransomware Attacks
Ransomware attacks do not always follow the same steps, but addressing these three trends will allow you to secure Active Directory and disrupt attacks.Attacks are plaguing organizations around the...
View ArticleClik here to view.
Unpacking the U.S. National Security Memorandum on Improving Cybersecurity...
Recent activity from the Biden Administration represents a watershed moment in the establishment of baseline standards for preparing, mitigating and responding to attacks that impact the critical...
View ArticleClik here to view.
CVE-2021-1609: Critical Remote Code Execution Vulnerability in Cisco Small...
Cisco releases patches for Critical vulnerabilities in its line of Small Business VPN Routers.BackgroundOn August 4, Cisco released several security advisories, including an advisory for two...
View ArticleClik here to view.
CVE-2021-22937: Remote Code Execution Patch Bypass in Pulse Connect Secure
Pulse Secure has patched CVE-2021-22937, a patch bypass for CVE-2020-8260, in its Connect Secure products.BackgroundOn August 2, Pulse Secure published an advisory and patches for several...
View ArticleClik here to view.
ProxyShell: Attackers Actively Scanning for Vulnerable Microsoft Exchange...
Three vulnerabilities from DEVCORE researcher Orange Tsai could be chained to achieve unauthenticated remote code execution. Attackers are searching for vulnerable instances to exploit.BackgroundLast...
View ArticleClik here to view.
Microsoft’s August 2021 Patch Tuesday Addresses 44 CVEs (CVE-2021-26424,...
Microsoft addresses 44 CVEs in its August Patch Tuesday release, including two vulnerabilities publicly disclosed, and one zero-day exploited in the wild.7Critical37Important0Moderate0LowMicrosoft...
View ArticleClik here to view.
One Year Later: What Can We Learn from Zerologon?
In a year of headline-making vulnerabilities and incidents, Zerologon (CVE-2020-1472) stands out due to its widespread adoption by threat actors and its checkered disclosure timeline.In our Threat...
View ArticleClik here to view.
The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch...
Microsoft continues to work on securing Windows Print Spooler after several vulnerabilities have been disclosed. One remains unpatched, despite new limitations on Point and Print...
View Article