The State of OT Security, a Year Since Colonial Pipeline
During a recent podcast, Tenable's VP of Operational Technology Marty Edwards discussed the cyber threats faced by critical infrastructure providers and the importance of OT security, topics he'll...
View ArticleA Practical Approach for Shifting Left
A practical approach to understanding shift left security and how shifting security left can help teams achieve DevSecOps success. As a critical part of DevSecOps, shifting left has become a key aspect...
View ArticleHow To Make Your SOC Identity-Aware and Efficient
While an attacker only needs to be right once, security teams must be right every time. That's why SOC teams must stop ransomware attackers from exploiting AD weaknesses.Operating in shifts around the...
View ArticleHow State and Local Governments Can Bolster their Cyber Defenses
Cyber security leaders of U.S. cities and states must protect their systems and data from nation-state attackers, including Russian hackers.President Biden has warned of potential Russian cyberattacks...
View ArticleSecurity Improvements for Our Ecommerce Customers
We were recently informed of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing...
View ArticleClik here to view.
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects...
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites.BackgroundOver the...
View ArticleCVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool...
CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the WildMicrosoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that...
View ArticleHow Can We Strengthen the Cybersecurity of Critical Infrastructure? Here Are...
A year after the ransomware attack against the Colonial Pipeline, what can we do to further harden the IT and OT systems of power plants, fuel pipelines, water treatment plants and similar critical...
View ArticleCVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and...
A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a...
View ArticleBringing External Attack Surface Management to the Masses with Bit Discovery
External Attack Surface Management (EASM) is an essential foundation of cybersecurity best practices. Soon, you’ll be able to take advantage of automated attack surface discovery in Tenable...
View ArticleSo Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current...
Among the thousands of vulnerabilities disclosed so far in 2022, we highlight five and explain why they matter.With over 6,000 vulnerabilities disclosed this year, cybersecurity teams have faced, as...
View ArticleClik here to view.
Everybody Does Good VM When S#*t Hits the Fan
Ever notice how security teams operate more efficiently during a crisis? We need to take the same approach to security all the time. To help you get started, here are four best practices – and a new...
View ArticleMicrosoft Azure Synapse Pwnalytics
Since March 10, Tenable Research has attempted to work with Microsoft to address two serious flaws in the underlying infrastructure of Azure Synapse Analytics.Synapse Analytics is a platform used for...
View ArticleClik here to view.
Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190)
Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws.3Critical52Important0Moderate0LowMicrosoft patched 55 CVEs in its June 2022 Patch Tuesday release,...
View ArticleClik here to view.
Tenable Capture the Flag 2022: The Results Are In!
It’s time to crown the winners of this year’s Capture the Flag Event!This event presented a series of security-related challenges in a Jeopardy-style format. Challenges ranged in difficulty and topics...
View ArticleClik here to view.
Cybersecurity Snapshot: 6 Things That Matter Right Now
Key vulnerabilities you can’t ignore. Best practices to improve operational technology (OT) cybersecurity. A reality check on shift left, DevSecOps and cloud security. Tackling the security skills gap....
View ArticleCVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery...
CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management VulnerabilitiesCitrix patches a “nasty bug” in its Application Delivery Management solution that is difficult to...
View ArticleClik here to view.
Identifying XML External Entity: How Tenable.io Web Application Scanning Can...
XML External Entity (XXE) flaws present unique mitigation challenges and remain a common attack path. Learn how XXE flaws arise, why some common attack paths are so challenging to mitigate and how...
View ArticleClik here to view.
Understanding the Ransomware Ecosystem: From Screen Lockers to...
A new report from Tenable Research explores the key players in the ransomware ecosystem and the tactics that have helped propel it from a fledgling cyberthreat into a force to be reckoned...
View ArticleOT:ICEFALL Research from Forescout Explores Insecure-by-Design State of...
OT:ICEFALL Research from Forescout Explores Insecure-by-Design State of Operational TechnologyThe latest research from Forescout’s Vedere Labs explores the state of risk management in operational...
View Article