CTO Universe

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild

Tenable

APRIL 12, 2024

While no specific details about these attacks were available at the time this blog was published, researchers at Volexity are credited with discovering the flaw. Impressive response from the Palo Alto Networks team, as they quickly worked with us and have now pushed a Threat Protection signature with a fix to come April 14.

Network

Network Firewall Software Review Systems Review

IDC Ranks Tenable No. 1 in Worldwide Device Vulnerability Management Market Share for the Fifth Consecutive Year

Tenable

FEBRUARY 22, 2024

For the fifth consecutive year, Tenable ranks first in market share. The IDC report noted: “In August 2023, Tenable announced upcoming generative AI capabilities in Tenable One. Users may also query the system using natural language.

Marketing

Marketing Machine Learning Artificial Inteligence IoT

Tenable's Plan to Acquire Ermetic Will Accelerate Customer Value in CNAPP and Exposure Management

Tenable

SEPTEMBER 7, 2023

The acquisition of cloud security innovator Ermetic, once completed, will add unified, elegantly integrated CNAPP and market-leading CIEM capabilities to the Tenable portfolio. Tenable and Ermetic have a shared view that identity security is more important than ever before.

Cloud

Cloud Infrastructure Survey Innovation

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Empowering Cybersecurity Excellence: IBM and Tenable Collaborate for IT/OT Security Innovation

Tenable

SEPTEMBER 28, 2023

IBM and Tenable put IT/OT security on display at IBM's Watson Center in Munich with the QRadar and Tenable OT Security integration — showcasing industrial security, protection and asset management for joint customers and partners. The two companies have embarked on a journey to understand and harness the convergence of IT and OT.

Innovation

Innovation IoT Industry Compliance

Cybersecurity Snapshot: Cyber Pros Say How AI Is Changing Their Work, While the FBI Reports Ransomware Hit Critical Infrastructure Hard in 2023

Tenable

MARCH 8, 2024

Meanwhile, MITRE updated a database about insider threats. An example: When the FBI recently infiltrated the Hive ransomware group’s infrastructure, it found that only about 20% of Hive's victims had filed a law enforcement report. More than 40% of ransomware attacks last year impacted critical infrastructure. And much more!

Infrastructure

Infrastructure Report Software Review Artificial Intelligence

Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

Tenable

DECEMBER 29, 2023

The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Before issuing coverage, cyber insurers will conduct their due diligence process more stringently.

Software Review

Software Review Development Team Review Systems Review Weak Development Team

Strengthening the Nessus Software Supply Chain with SLSA

Tenable

APRIL 16, 2024

You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. At Tenable, protecting our software supply chain is a top priority. What about the availability of build provenance ?

Software Review

Software Review Software Systems Review Guidelines

Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action

Tenable

APRIL 12, 2024

Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Tenable CEO and Chairman Amit Yoran said in a statement that it’s not surprising to learn that Midnight Blizzard’s intrusion campaign escalated after its initial discovery. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year.

Generative AI

Generative AI Malware Trends Government

Tenable OT Security: 2023 Year in Review

Tenable

DECEMBER 29, 2023

As we reflect on the many accomplishments Tenable OT Security achieved in 2023, one thing is clear: we couldn’t have done it without the support and collaboration of our customers and partners. I can easily say 2023 was a good year for Tenable OT Security.

Systems Review

Systems Review Technical Review Software Review IoT

Cybersecurity Snapshot: Latest MITRE ATT&CK Update Offers Security Insights on GenAI, Identity, Cloud and CI/CD

Tenable

APRIL 26, 2024

Plus, learn the latest details about the Change Healthcare breach, including the massive scope of the data exfiltration. 1 - New version of MITRE ATT&CK adds guidance on generative AI, cloud threats Information about malicious use of generative AI tools. Advice about securing cloud environments. And much more!

Security

Security Cloud Artificial Inteligence Generative AI

Tenable Nessus Scanner Capabilities Receive Red Hat Recognition

Tenable

NOVEMBER 15, 2023

The Red Hat Vulnerability Scanner Certification for Tenable Nessus represents our commitment to continue providing customers with visibility into their Red Hat Enterprise Linux systems. Read about what this means and how it benefits our customers. More information on how they operate can be found in a Tenable Community blog post.

Linux

Linux Testing Meeting Study

Tenable Cyber Watch: U.S. Urges Space Industry to Stay Vigilant, Cyber Jobs Get Tougher, and more

Tenable

SEPTEMBER 18, 2023

This week’s edition of Tenable Cyber Watch unpacks safeguarding the US space industry and addresses why many cyber pros feel their jobs have gotten more difficult. We’ve got you covered in this week’s edition of the Tenable Cyber Watch, our weekly video news digest highlighting three cybersecurity topics that matter right now.

Industry

Industry Video Government Data

Introducing ExposureAI in Tenable One: Meet the Future of Preventive Cybersecurity

Tenable

AUGUST 9, 2023

The Tenable One Exposure Management Platform is already transforming how organizations practice preventive cybersecurity. Today, we unveiled ExposureAI in the Tenable One Exposure Management Platform, giving you new generative AI capabilities that will boost your preventive cybersecurity by elevating your cyber expertise.

Generative AI

Generative AI Meeting Analysis Artificial Intelligence

How to Tackle OT Challenges: Asset Inventory and Vulnerability Assessment

Tenable

DECEMBER 10, 2023

Here’s how Tenable OT Security can help. The number of vulnerabilities disclosed in OT systems is constantly growing bringing a new way to think about OT systems; with the increasing adoption of Industry 4.01 and smart infrastructure, OT has become of critical importance to organizations.

How To

How To Systems Review Technical Review Network

Cybersecurity Snapshot: NIST’s Cybersecurity Framework Gets Major Update, as Advisories on APT29 and ALPHV Blackcat Get Rolled Out

Tenable

MARCH 1, 2024

which builds on previous versions, is not just about one document. It is about a suite of resources that can be customized and used individually or in combination over time as an organization’s cybersecurity needs change and its capabilities evolve,” NIST Director Laurie E. Locascio said in a statement about CSF 2.0.

Artificial Inteligence

Artificial Inteligence Malware Generative AI Government

CVE-2023-38545, CVE-2023-38546: Frequently Asked Questions for New Vulnerabilities in curl

Tenable

OCTOBER 4, 2023

However a discussion post on the GitHub repository for the curl project does provide us with some basic information as shown in the table below: CVE Description Severity Affects CVE-2023-38545 Unknown High libcurl and curl CVE-2023-38546 Unknown Low libcurl When will patches be available?

Open Source

Open Source Windows Systems Administration Linux

Navigating Security Challenges Around OT in the DoD’s Manufacturing Lines

Tenable

APRIL 15, 2024

How Tenable OT Security enhances manufacturing line integrity Tenable OT Security offers a solution that meets the DoD's unique demands. Tenable OT Security can help the DoD maintain manufacturing line integrity, ensuring efficient, secure and reliable operations.

Energy

Energy Analysis Scalability System

Find Your Fit on Team Tenable

Tenable

JUNE 29, 2021

At Tenable, we're united in a common mission: to help organizations around the world reduce their cyber risk. By embracing diversity of skill sets and experiences, team Tenable is empowered to meet the challenge of our expanding threat landscape. Read their stories and envision where you will fit into Team Tenable.

Security

Security Resources Engineering Product Management

Cybersecurity Snapshot: DHS Tracks New Ransomware Trends, as Attacks Drive Up Cyber Insurance Claims and Snatch Variant Triggers Alert

Tenable

SEPTEMBER 22, 2023

Check out the new ransomware trends documented by DHS, as well as a joint CISA-FBI alert about the Snatch ransomware. The purpose of the KEV is simple: while focusing on vulnerabilities that have been exploited isn’t sufficient, it’s absolutely necessary – so let’s start there,” reads CISA’s blog about the KEV milestone. And much more!

Insurance

Insurance Trends IoT Software Review

Patch Tuesday’s Impact on Cybersecurity Over the Years

Tenable

DECEMBER 22, 2022

Source: Tenable Research, December 2022. Source: Tenable Research, December 2022. With this move, the data Microsoft provided about releases became less intuitive to read and required more time to comb through and process. Source: Tenable Research, December 2022. Tenable’s Patch Tuesday workflow.

Weak Development Team

Weak Development Team Metrics Research Systems Review

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways

Tenable

JANUARY 10, 2024

ZTA Week of January 22 Identifying affected systems A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages for CVE-2023-46805 and CVE-2024-21887 as they’re released. Learn more about Tenable One , the Exposure Management Platform for the modern attack surface. ZTA Week of January 29 22.6R1.3

Policies

Policies Authentication Analysis Network

Tenable's 2023 Capture The Flag: Are You Ready to Test Your Hacking Skills?

Tenable

JULY 26, 2023

Tenable is bringing its annual hacking competition to Black Hat USA 2023 in a hybrid in-person and online experience, giving competitors around the world a chance to have fun and test their skills. Tenable’s annual Capture the Flag hackathon will bring together contestants from around the world on Aug.

Testing

Testing Hotels Virtualization Research

Tenable Cyber Watch: How CISOs Feel About Their Jobs, Why Devs Struggle with Security, Using AI to Reduce Risk

Tenable

JANUARY 30, 2023

This week's edition of the Tenable Cyber Watch reveals key findings about CISO job satisfaction, explore how artificial intelligence and machine learning can be used to reduce risk and unpacks the communication ptifalls that hold securty leaders back. Can artificial intelligence help keep us safer?

Artificial Inteligence

Artificial Inteligence Artificial Intelligence Machine Learning Video

ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services

Tenable

NOVEMBER 4, 2023

Managed services for Apache Airflow in AWS (Amazon Managed Workflows for Apache Airflow) and GCP (Google Cloud Composer) provide scalable and secure orchestration of data workflows using Apache Airflow — an open-source platform to programmatically author, schedule and monitor workflows.

Authentication

Authentication AWS Azure Google Cloud

Strivacity, which helps companies build secure login flows, nabs $20M

TechCrunch

APRIL 4, 2023

In a sign that investors believe in the vision (or at least the business proposition), Strivacity today closed a $20 million Series A-2 round led by SignalFire with participation from Ten Eleven Ventures, Mandiant founder Kevin Mandia, and Tenable co-founder Jack Huffard. billion into the identity management space, about 2.5x

Company

Company Authentication Survey Machine Learning

Tenable Celebrates Veterans Day, Launches New Resource for Careers in Cybersecurity

Tenable

NOVEMBER 10, 2020

Tenable supports and honors the international military community, and today announces the launch of a new Veterans@Tenable resource group. Here at Tenable, we are privileged to work with a diverse team from all over the world. It is also today that Tenable officially launches the Veterans@Tenable Employee Resource Group (ERG).

Resources

Resources Recruiting Groups Training

Finding Rockwell Automation Allen-Bradley Communication Modules Affected by CVE-2023-3595 and CVE-2023-3596 in OT Environments3595

Tenable

JULY 12, 2023

Use the wrong tool and it will overlook affected devices. Find out how Tenable OT Security is designed to give you in-depth asset visibility to address these new vulnerabilities without disrupting productivity. You can read more about these in this blog post from the Tenable Research team.

Systems Review

Systems Review Network Technical Review Software Review

Tenable Cyber Watch: Shift Left Challenges, Anti-Ransomware Efforts, Quantum Risks and CISO Anxiety

Tenable

DECEMBER 12, 2022

Everything you’ve ever wanted to know about CISOs. Don’t miss the latest episode of the Tenable Cyber Watch. On this week’s episode of the Tenable Cyber Watch host Jirah Mickle tackles four hot topics that matter: ransomware; quantum computing; CISOs; and DevSecOps. The quantum computing risk for critical infrastructure.

Infrastructure

Infrastructure Video Organization Data

Tenable Cyber Watch: Policing the Metaverse, Securing AI and ML, Daixin's Threat to Hospitals, and Shifting to Integrated Cyber Platforms

Tenable

DECEMBER 19, 2022

We’ve got a new, must-see episode of the Tenable Cyber Watch, the weekly video news digest that helps you zero-in on the things that matter right now in cybersecurity. On this week’s episode of the Tenable Cyber Watch, we’re talking: Why law enforcement agencies must prepare to police the metaverse now.

Artificial Inteligence

Artificial Inteligence Artificial Intelligence Machine Learning Healthcare

Tenable's Commitment to Security in the Wake of Solorigate

Tenable

DECEMBER 16, 2020

As Tenable's chief security officer I'm simultaneously protecting our own systems while addressing the concerns of our customers around the world. Tenable does not use the SolarWinds Orion platform. The security and availability of our systems, products and customer data is of the utmost importance to us.

Software Review

Software Review Systems Review Technical Review Software Development

Disrupting Attack Paths: Why Tenable's Acquisition of Alsid Matters

Tenable

APRIL 27, 2021

This acquisition allows us to combine Tenable's ability to assess the state of the digital infrastructure with Alsid's ability to assess the state of Active Directory, helping security professionals answer the question: how secure are we? Today, with great pride, I'm pleased to announce Tenable's acquisition of Alsid has been approved.

Weak Development Team

Weak Development Team Malware Authentication Infrastructure

What's New in Tenable OT Security 3.16: Elevating Building Management System Security and User Experience

Tenable

AUGUST 1, 2023

Tenable OT Security 3.16 At Tenable, we understand the critical importance of securing these complex systems, which is why we are thrilled to announce the launch of Tenable OT Security 3.16. What’s inside Tenable OT Security 3.16 BMS security for smart buildings Tenable OT Security 3.16 Tenable OT Security 3.16

System

System Network IoT Video

Cybersecurity Snapshot: U.S. Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors

Tenable

NOVEMBER 24, 2023

Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. Plus, it’s warning cyber teams about the threats from the Rhysida and Scattered Spider cybercrime groups. In addition, there’s a new zero trust certification.

Software Review

Software Review Software Insurance Software Development

Looking Back, Looking Forward: Reflections on 50 Years of Pride

Tenable

JUNE 29, 2020

Here’s a reflection from our Pride@Tenable community on the need for intersectional solidarity. For those of us in the LGBTQIA+ community, Pride symbolizes the fight for equality. At Tenable, we embrace diversity and inclusivity. Library of Congress: About Pride Month. 7 LGBT Tech Groups You Should Know About.

Authentication

Authentication Virtualization Insurance Social

How Industry Partnerships Support Taking a Proactive, Preventive Approach to Cybersecurity

Tenable

FEBRUARY 16, 2023

Such was the case in the story we’re about to share. By the end of the week, they had identified a common theme among customers that were using both Tenable and Microsoft products in their environments., The work cybersecurity professionals do every day to prevent an event from happening rarely gets the headlines.

Industry

Industry Azure Engineering Windows

How Tenable Engineering Stays Connected in the COVID-19 Era

Tenable

OCTOBER 2, 2020

Fortunately, Tenable has experience supporting a large, distributed workforce. In fact, more than half of Tenable engineers around the globe were already working remotely before the pandemic. For previously co-located teams, including mine at Tenable HQ, we used this foundation to adapt the ways in which we used to collaborate.

Engineering

Engineering UI/UX Social Meeting

Disrupting the Pervasive Attacks Against Active Directory and Identities

Tenable

APRIL 27, 2021

The vast supermajority of large enterprises use Microsoft Active Directory to manage account privileges. With the acquisition of Alsid, Tenable achieves an important milestone in delivering on our Cyber Exposure vision to help organizations understand and reduce cyber risk across the entire modern attack surface. Hiding accounts;?.

Infrastructure

Infrastructure Windows Groups Enterprise

CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Tenable

JANUARY 31, 2024

Background The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding four vulnerabilities affecting Ivanti Connect Secure and Policy Secure Gateways. Has Tenable released any product coverage for these CVEs? Are these vulnerabilities being actively exploited?

Policies

Policies Malware Authentication Software Review

Introducing the Tenable Cyber Watch, Your Weekly Cyber Newscast

Tenable

DECEMBER 5, 2022

The Tenable Cyber Watch is here to help. Today, Tenable launches Cyber Watch, a weekly video news program highlighting topics that are top-of-mind for cybersecurity professionals around the world. The Tenable Cyber Watch is cyber news you can use. Separating the signal from the noise is hard.

Video

Video Analysis Programming Data

Cybersecurity Snapshot: CISA Calls on Software Makers To Use Memory Safe Languages, as OpenSSF Issues Secure Software Principles

Tenable

DECEMBER 8, 2023

200 respondents polled by Tenable in December 2023) (198 respondents polled by Tenable in December 2023) Want to learn what was discussed during the webinar “Tenable Vulnerability Management Customer Update - December 2023”? Watch it on demand !

Software Review

Software Review Software Malware Software Development

Tenable Assure: Announcing the 2021 Global Partner Award Winners

Tenable

APRIL 22, 2021

At Tenable, we’ve made several key investments in our Tenable Assure partner program to help distributors, resellers and managed security service providers (MSSP) better support end-user organizations with the tools they need to understand and reduce cyber risk. Join us at AssureWorld on May 12. And the winners are….

Games

Games IoT Programming Conference

One Year Later: What Can We Learn from Zerologon?

Tenable

AUGUST 11, 2021

In our Threat Landscape Retrospective (TLR) published earlier this year, the Tenable Security Response Team (SRT) highlighted CVE-2020-1472 , aka Zerologon, as one of the Top Five Vulnerabilities of 2020. Source: Tenable, August 2021. About CVE-2020-1472: sneaky updates cause problems. Source: Tenable, August 2021.

Software Review

Software Review LAN Government Windows

Solorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)

Tenable

DECEMBER 14, 2020

Following the publication of these news articles, additional information about the breach has since been made public. I have report from Microsoft about SolarWinds hack, including IoCs. New Blog from us at FireEye: Writeup of UNC2452, a highly sophisticated attacker who distributed malware via a software supply chain attack.

Security

Security Journal Report Malware

Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product Capabilities in the 2020 Gartner Peer Insights 'Voice of the Customer' Report

Tenable

JULY 13, 2020

We’re proud that Tenable was rated the highest of all 2020 “Customers' Choice” vendors in Product Capabilities with a 4.7 We think this shows Tenable’s breadth of reach and the diversity of customers that have provided positive reviews of our products. . Below are a few excerpts: "Easy To Use And Configure".

Report

Report Systems Review Transportation Systems Administration

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild

IDC Ranks Tenable No. 1 in Worldwide Device Vulnerability Management Market Share for the Fifth Consecutive Year

Webinars

Trending Sources

Tenable's Plan to Acquire Ermetic Will Accelerate Customer Value in CNAPP and Exposure Management

Webinars

Empowering Cybersecurity Excellence: IBM and Tenable Collaborate for IT/OT Security Innovation

Cybersecurity Snapshot: Cyber Pros Say How AI Is Changing Their Work, While the FBI Reports Ransomware Hit Critical Infrastructure Hard in 2023

Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

Strengthening the Nessus Software Supply Chain with SLSA

Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action

Tenable OT Security: 2023 Year in Review

Cybersecurity Snapshot: Latest MITRE ATT&CK Update Offers Security Insights on GenAI, Identity, Cloud and CI/CD

Tenable Nessus Scanner Capabilities Receive Red Hat Recognition

Tenable Cyber Watch: U.S. Urges Space Industry to Stay Vigilant, Cyber Jobs Get Tougher, and more

Introducing ExposureAI in Tenable One: Meet the Future of Preventive Cybersecurity

How to Tackle OT Challenges: Asset Inventory and Vulnerability Assessment

Cybersecurity Snapshot: NIST’s Cybersecurity Framework Gets Major Update, as Advisories on APT29 and ALPHV Blackcat Get Rolled Out

CVE-2023-38545, CVE-2023-38546: Frequently Asked Questions for New Vulnerabilities in curl

Navigating Security Challenges Around OT in the DoD’s Manufacturing Lines

Find Your Fit on Team Tenable

Cybersecurity Snapshot: DHS Tracks New Ransomware Trends, as Attacks Drive Up Cyber Insurance Claims and Snatch Variant Triggers Alert

Patch Tuesday’s Impact on Cybersecurity Over the Years

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways

Tenable's 2023 Capture The Flag: Are You Ready to Test Your Hacking Skills?

Tenable Cyber Watch: How CISOs Feel About Their Jobs, Why Devs Struggle with Security, Using AI to Reduce Risk

ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services

Strivacity, which helps companies build secure login flows, nabs $20M

Tenable Celebrates Veterans Day, Launches New Resource for Careers in Cybersecurity

Finding Rockwell Automation Allen-Bradley Communication Modules Affected by CVE-2023-3595 and CVE-2023-3596 in OT Environments3595

Tenable Cyber Watch: Shift Left Challenges, Anti-Ransomware Efforts, Quantum Risks and CISO Anxiety

Tenable Cyber Watch: Policing the Metaverse, Securing AI and ML, Daixin's Threat to Hospitals, and Shifting to Integrated Cyber Platforms

Tenable's Commitment to Security in the Wake of Solorigate

Disrupting Attack Paths: Why Tenable's Acquisition of Alsid Matters

What's New in Tenable OT Security 3.16: Elevating Building Management System Security and User Experience

Cybersecurity Snapshot: U.S. Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors

Looking Back, Looking Forward: Reflections on 50 Years of Pride

How Industry Partnerships Support Taking a Proactive, Preventive Approach to Cybersecurity

How Tenable Engineering Stays Connected in the COVID-19 Era

Disrupting the Pervasive Attacks Against Active Directory and Identities

CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Introducing the Tenable Cyber Watch, Your Weekly Cyber Newscast

Cybersecurity Snapshot: CISA Calls on Software Makers To Use Memory Safe Languages, as OpenSSF Issues Secure Software Principles

Tenable Assure: Announcing the 2021 Global Partner Award Winners

One Year Later: What Can We Learn from Zerologon?

Solorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)

Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product Capabilities in the 2020 Gartner Peer Insights 'Voice of the Customer' Report

Stay Connected