YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious...
As Google's TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow. Background: Over the last several months, YouTube Shorts, Google’s competitor to TikTok, has become a...
CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop...
ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background: On January 17, ZoHo issued an advisory and patches for...
The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that...
A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond. “We do not learn from experience... we learn from reflecting on experience.”...
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background: On January 18, Oracle released its Critical Patch Update (CPU) for January...
Securing Critical Infrastructure: The Essential Role of Public-Private...
Government collaboration with industry can help drive strategic planning and tactical operations to address cyberthreats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) states,...
What Is IaC and Why Does It Matter to the CISO?
Many vendors and security companies are buying or building Infrastructure as Code (IaC) security into their portfolios, and this trend is only expected to continue. Here’s what you need to...
Tenable Launches Suite of New Product Features to Deliver Full Lifecycle...
Our newest Tenable.cs product features are designed to enable organizations to stay agile while reducing risk. A suite of upgrades to Tenable.cs, our cloud-native application protection platform, are...
CVE-2022-20699, CVE-2022-20700, CVE-2022-20708: Critical Flaws in Cisco Small...
Cisco patches 15 flaws in Cisco Small Business RV Series Routers, including three with critical 10.0 CVSSv3 scores. Background: On February 2, Cisco published an advisory for 15 vulnerabilities in its...
Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the...
CVE-2022-22536: SAP Patches Internet Communication Manager Advanced Desync...
SAP and Onapsis Research Labs collaborate to disclose three critical vulnerabilities impacting SAP NetWeaver Application Servers. The most severe of the three could lead to full system...
Log4Shell: A Tale of Two Detection Techniques
Endpoint detection and response (EDR) can only take you so far in identifying Log4j exploit attempts. Here’s why dynamic checks are needed to uncover vulnerable versions of Log4j. When the Log4j...
Tenable’s Acquisition Of Cymptom: An “Attack Path-Informed” Approach to...
Tenable’s recent acquisitions all had the same overarching goal: helping our customers gain better security insights across their cyberattack surface. At our investor day in December 2021, Tenable CEO...
Government Advisories Warn of APT Activity Resulting from Russian Invasion of...
Government agencies publish warnings and guidance for organizations to defend themselves against advanced persistent threat groups. As governments around the world call for heightened cyber vigilance,...
CNAPP: What Is It and Why Is It Important for Security Leaders?
A Cloud-Native Application Protection Platform (CNAPP) offers four key benefits to reduce risk and improve visibility. Here’s what you need to know. The cloud security market is developing and expanding...
Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277,...
Microsoft addresses 71 CVEs in its March 2022 Patch Tuesday release, including three vulnerabilities that were publicly disclosed as zero-days. 3 Critical, 68 Important, 0 Moderate, 0 Low. Microsoft patched 71 CVEs...
Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We...
The 2021 Threat Landscape Retrospective explored the top five vulnerabilities of the year. Learn about other high-impact vulnerabilities that nearly made our list. When putting together the Threat...
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware –...
Private messages between Conti members uncover invaluable information about how the infamous ransomware group hijacks victims’ systems. Leaked internal chats between Conti ransomware group members offer...
Cr8escape: How Tenable Can Help (CVE-2022-0811)
CrowdStrike discloses container escape vulnerability affecting CRI-O for Kubernetes. Here’s how Tenable.cs can help you detect vulnerable pods. Background: On March 15, CrowdStrike published technical...
CVE-2022-22948: VMware vCenter Server Sensitive Information Disclosure...
Researchers disclose a moderate severity vulnerability in VMware vCenter Server that can be used in an exploit chain with other vCenter Server flaws to take over servers. Background: On March 29, VMware...
Spring4Shell FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell. Tenable Research is closely monitoring updates related to...