Tenable

JANUARY 16, 2024

Solution Citrix has released patches for these vulnerabilities as outlined in the table below: Affected Product Affected Version Fixed Version NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21 Learn more about Tenable One , the Exposure Management Platform for the modern attack surface. and later releases of 13.0

Authentication 118

Authentication Network Internet Virtualization 118

Tenable

SEPTEMBER 28, 2023

IBM and Tenable put IT/OT security on display at IBM's Watson Center in Munich with the QRadar and Tenable OT Security integration — showcasing industrial security, protection and asset management for joint customers and partners.

Innovation 118

Innovation IoT Industry Compliance 118

Tenable

NOVEMBER 15, 2023

The Red Hat Vulnerability Scanner Certification for Tenable Nessus represents our commitment to continue providing customers with visibility into their Red Hat Enterprise Linux systems. Tenable is proud to announce that it has received the Red Hat Vulnerability Scanner Certification.

Linux 73

Linux Testing Meeting Study 73

Tenable

FEBRUARY 20, 2024

Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect Background The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding two vulnerabilities impacting ScreenConnect, a Remote Monitoring and Management (RMM) solution from ConnectWise.

Authentication 71

Authentication Research Cloud Data 71

CIO

APRIL 4, 2024

Over the past several years, Amazon has offered “just walk out” in some stores and the Dash Cart in others, according to Amazon, which notes that “just walk out” was generally preferred in smaller stores, and the Dash Cart in larger ones. Barriers to entry are likely to shrink over time as well. Amazon.com, Retail Industry

Retail 130

Retail Technology Off-The-Shelf System 130

Tenable

JANUARY 30, 2024

Find out how Tenable ExposureAI helps you overcome these challenges and enhances your efficiency and productivity for stronger proactive security. This highlights the urgent need for a paradigm shift towards predictive security strategies fueled by more efficiency and productivity capabilities - like AI.

Analysis 61

Analysis Generative AI Strategy Resources 61

Tenable

JANUARY 8, 2024

One reason some standards are abstract is that security is not a one-size-fits-all practice. Also, organizations have different compliance requirements depending on their industry, company size and location. Because, as many seasoned security pros know, proving compliance is but only one part of a holistic security strategy.

Compliance 83

Compliance Weak Development Team Lambda Guidelines 83

Tenable

MARCH 8, 2024

Phobos ransomware hitting critical infrastructure, emergency services And we’re returning to the topic of how ransomware gangs have their sights set on critical infrastructure targets. The chart below shows the percentage of cybersecurity pros that support more than one functional area. What’s new? For starters, version 2.0

Infrastructure 117

Infrastructure Report Software Review Artificial Intelligence 117

Tenable

JANUARY 18, 2024

While the security team wants any security issue to be repaired, the infrastructure team is often (and very justifiably) focused on ensuring that the remediation doesn’t cause more damage and that the infrastructure can continue supporting the required business logic.

Cloud 71

Cloud Software Review Infrastructure Policies 71

Tenable

MARCH 20, 2024

Explore how Tenable One for OT/IoT helps organizations stay ahead in today's evolving threat landscape with end-to-end visibility and cyber risk prioritization across IT, OT and IoT. Similarly, a workstation on the production plant can do more damage than a personal laptop in a guest network.

IoT 73

IoT How To Network Tools 73

Tenable

DECEMBER 29, 2023

As we reflect on the many accomplishments Tenable OT Security achieved in 2023, one thing is clear: we couldn’t have done it without the support and collaboration of our customers and partners. I can easily say 2023 was a good year for Tenable OT Security.

Systems Review 74

Systems Review Technical Review Software Review IoT 74

Tenable

APRIL 16, 2024

You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. At Tenable, protecting our software supply chain is a top priority. Let’s look more closely at each one of these elements.

Software Review 68

Software Review Software Systems Review Guidelines 68

Tenable

SEPTEMBER 11, 2023

In order for exploitation to occur, the vulnerable system needs to contain one user with a password in the local database or the HTTPS management authentication points back to a valid AAA server. In addition, either SSL VPN or IKEv2 VPN must be enabled on at least one interface.

Groups 121

Groups Report Authentication Software Review 121

Tenable

FEBRUARY 9, 2024

We cautioned about the threat posed by known vulnerabilities in SSL VPNs back in August 2021 in products from Fortinet, Ivanti (formerly Pulse Secure) and Citrix, as they provide attackers with the perfect doorway for exploitation. Critical Infrastructure (AA24-038A) Join Tenable's Security Response Team on the Tenable Community.

Malware 123

Malware Authentication Infrastructure Analysis 123

Tenable

AUGUST 9, 2023

The Tenable One Exposure Management Platform is already transforming how organizations practice preventive cybersecurity. Now, with the introduction of ExposureAI, users can unleash the full potential of generative artificial intelligence to stay one step ahead of attackers. Stay tuned for more information in the coming weeks.

Generative AI 98

Generative AI Meeting Analysis Artificial Intelligence 98

Tenable

OCTOBER 23, 2023

Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable. Cybersecurity and Infrastructure Security Agency (CISA).

Technical Review 73

Technical Review Study Policies Report 73

Tenable

MAY 24, 2023

In this blog, we explain key features of Azure Linux and how Tenable can support the security needs of Microsoft customers. Microsoft Azure Linux is a newly launched container host that provides reliability and consistency from cloud to edge across the Azure Kubernetes Service (AKS), AKS-HCI, and Azure Arc products.

Linux 97

Linux Azure Development DevOps 97

Tenable

JANUARY 23, 2024

This vulnerability only affects out-of-date versions of these products. As recently as late December 2023, our partners at GreyNoise observed a spike in exploitation attempts against Atlassian products using a mix of broad scanning, hardcoded passwords as well as several CVEs including CVE-2023-22515 and CVE-2023-22518. x;sh /tmp/.x

Data Center 70

Data Center Technical Advisors Data Report 70

Tenable

APRIL 17, 2023

Securing the modern attack surface — with its complex mix of on-premises and cloud infrastructure, web applications, identity and privilege management tools and operational technology (OT) — is a team effort. At Tenable, our channel partners are an integral part of this effort. Once again, congratulations to our winners.

Programming 98

Programming Network Cloud Trends 98

Tenable

JULY 12, 2023

Analysis CVE-2023-3595 is a remote code execution (RCE) vulnerability in Rockwell Automation Allen-Bradley ControlLogix Communication Modules for its 1756 EN2* and 1756 EN3* product families. An attacker could exploit this vulnerability to gain RCE on a vulnerable module by sending specially crafted common industrial protocol (CIP) messages.

Knowledge Base 98

Knowledge Base Network Transportation Industry 98

Tenable

FEBRUARY 2, 2024

Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2. Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a security incident at AnyDesk. August 10, 2023 On-Premises Solution 2.1.3

Windows 68

Windows Linux Report System 68

Tenable

AUGUST 30, 2023

Here’s how Tenable Nessus can help. When Tenable Nessus was launched in 1998, the attack surface consisted of only traditional IT devices — desktops, workstations, network equipment, etc. What is needed is a fast, easy way to proactively find, prioritize and remediate vulnerabilities — on whatever attack surface they may be found.

Applications 98

Applications Study Open Source Report 98

Tenable

OCTOBER 2, 2023

Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10 Background On September 27, Progress Software published an advisory for WinSock File Transfer Protocol or WS_FTP Server , a secure file transfer solution, addressing eight vulnerabilities.

Software Review 123

Software Review Software Systems Review Authentication 123

Tenable

FEBRUARY 13, 2024

Cost: The cost of deploying specific components of an application using traditional methods may involve the hosting of a server (or the internal cost of purchasing the server itself), as well as all of the licensing for operating systems, individual security products, and configuration tools layered on top.

Serverless 106

Serverless Architecture Applications Cloud 106

Tenable

MAY 15, 2023

Tenable is changing its products’ names to make them more descriptive, so that it’s easier for people to understand our portfolio and the capabilities we offer. Tenable customers, partners, employees and friends will notice a change in Tenable product names rolling out during 2023. Tenable Cloud Security Tenable.ot

Cloud 52

Cloud Applications Examples 52

Tenable

DECEMBER 10, 2023

Here’s how Tenable OT Security can help. An attacker would still be able to actively discover such an asset and, as a defender, you have to remain one step ahead and maintain a holistic and real-time view of your infrastructure. Moreover, if you do receive some data, you may not read it because of encryption.

How To 100

How To Systems Review Technical Review Network 100

Tenable

DECEMBER 8, 2022

In this blog, we highlight five insights from the report, which offers a deep dive on DevSecOps trends as well as concrete recommendations to keep DevSecOps efforts on the right track. We also provide insights on how Tenable can help. How can Tenable help put these insights to work for you? in 2021 to 18.4%

Survey 98

Survey Cloud Software Review Serverless 98

Tenable

JUNE 12, 2023

CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate) Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Identifying affected systems A list of Tenable plugins to identify this vulnerability can be found here. 6.4.10, 6.4.12

Firewall 103

Firewall Authentication Research Groups 103

Tenable

AUGUST 2, 2023

Two agent types are used by SLP to catalog and advertise services: a service agent (SA) deals with one or more services while a directory agent (DA) handles services across multiple service agents. Most frequently, service agents advertise services running on the same host while directory agents deal with services across multiple hosts.

Internet 97

Internet Storage Software Review Systems Review 97

Tenable

DECEMBER 12, 2023

Background Microsoft’s Patch Tuesday, a monthly release of software patches for various Microsoft products, celebrated its 20th anniversary in 2023. In 2022, Tenable Research published a blog post discussing Patch Tuesday’s impact on cybersecurity over the years. Follow the Tenable blog for more information as we move into 2024.

Software Review 73

Software Review Trends Groups Research 73

Tenable

JULY 18, 2023

Additionally, CVE-2019-19781 was featured as one of the Top 5 vulnerabilities in our 2020 Threat Landscape Retrospective report. Affected Product Affected Version Fixed Version NetScaler ADC and NetScaler Gateway 13.1 Learn more about Tenable One , the Exposure Management Platform for the modern attack surface.

Software Review 98

Software Review Systems Review Groups Report 98

Tenable

SEPTEMBER 7, 2023

Analysis CVE-2022-47966 is a remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine on-premise products, including ServiceDesk Plus. While patches for the affected products were released in late October and early November of 2022, the security advisory was not released until January 10, 2023.

Firewall 65

Firewall Software Review Technical Review Systems Review 65

Tenable

DECEMBER 22, 2023

Tenable, whose products have had AI technology for years, was very much at the center of this trend, as it integrated GenAI capabilities across the Tenable One Exposure Management Platform in 2023. “AI Here’s a telling stat: Roughly between mid-2022 and mid-2023, 90% of organizations suffered at least one identity breach.

Artificial Inteligence 78

Artificial Inteligence Technical Review Cloud Artificial Intelligence 78

Tenable

DECEMBER 10, 2021

If the vulnerable server uses log4j to log requests, the exploit will then request a malicious payload over JNDI through one of the services above from an attacker-controlled server. However, at the time this blog post was published, some products and services that were confirmed to be vulnerable include: Product/Service.

Applications 143

Applications Research Report Games 143

Tenable

JUNE 29, 2021

Engineering, human resources, product management and billing: Here's how four employees with a wide range of skills are making their mark in cybersecurity. At Tenable, we're united in a common mission: to help organizations around the world reduce their cyber risk. Read their stories and envision where you will fit into Team Tenable.

Security 98

Security Resources Engineering Product Management 98

Tenable

APRIL 7, 2022

VMware cautions organizations to patch or mitigate several serious vulnerabilities across multiple products. On April 6, VMware published an advisory (VMSA-2022-0011) addressing eight vulnerabilities across a number of VMware products: CVE. Affected products include: VMware Workspace ONE Access (Access).

Authentication 98

Authentication Research Analysis Cloud 98

Tenable

MARCH 14, 2024

In the meantime, check DAS service logs for… pic.twitter.com/57ps2WiY8R — Horizon3 Attack Team (@Horizon3Attack) March 13, 2024 Solution Fortinet has released patches to address this SQL injection vulnerability as outlined in the table below: Affected Product Affected Version Fixed Version FortiClientEMS 7.2 through 7.2.2 through 7.0.10

Software Review 68

Software Review Systems Review Authentication Infrastructure 68