Tenable

MARCH 8, 2024

More than 40% of ransomware attacks last year impacted critical infrastructure. 1 - FBI: Critical infrastructure walloped by ransomware attacks in 2023 The number of U.S. ransomware incidents grew 18% in 2023 to 2,825, and 42% of those attacks impacted critical infrastructure organizations. And much more!

Infrastructure 117

Infrastructure Report Software Review Artificial Intelligence 117

Tenable

JULY 25, 2023

Analysis CVE-2023-35078 is an authentication bypass vulnerability in Ivanti’s EPMM. An unauthenticated, remote attacker could exploit this vulnerability to gain access to the server’s application programming interface (API) that is normally only accessible to authenticated users. less than 10).”

Mobile 98

Mobile Knowledge Base Authentication Government 98

Tenable

SEPTEMBER 7, 2023

Analysis CVE-2022-47966 is a remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine on-premise products, including ServiceDesk Plus. While patches for the affected products were released in late October and early November of 2022, the security advisory was not released until January 10, 2023.

Firewall 65

Firewall Software Review Technical Review Systems Review 65

Tenable

MARCH 29, 2024

Check out new guidance for banks on combating AI-boosted fraud. And best practices to prevent and respond to DDoS attacks. National Cyber Security Centre (NCSC) issued guidance on cloud-hosted supervisory control and data acquisition (SCADA) systems, stressing that cybersecurity must be “a key consideration” with these migrations.

Systems Review 67

Systems Review Weak Development Team Banking System 67

Tenable

JANUARY 23, 2024

A patch for this vulnerability was released on December 7, though the advisory was not made public until January 22. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable GoAnywhere MFT instance. Based on Tenable’s telemetry as of January 23, 96.4%

Authentication 64

Authentication Research Groups Analysis 64

Tenable

JANUARY 17, 2023

Frameworks and standards for prioritizing vulnerability remediation continue to evolve, yet far too many organizations rely solely on CVSS as their de facto metric for exposure management. Here, we discuss other important frameworks and provide guidance on how Tenable can help. Source: Tenable Research, January 2023.

Metrics 53

Metrics How To Technical Review Analysis 53

Tenable

MARCH 17, 2020

Attempts to exploit multiple vulnerabilities in Trend Micro Apex One and OfficeScan observed in the wild. On March 16, Trend Micro published a security bulletin to address five vulnerabilities in its endpoint security solutions, Apex One and OfficeScan , including two vulnerabilities that were exploited in the wild. Background.

Trends 105

Trends Software Review Systems Review Authentication 105

Tenable

FEBRUARY 24, 2021

On February 23, VMware released a security advisory (VMSA-2021-0002) to address two vulnerabilities in vCenter Server , a centralized management software for VMware vSphere systems, as well as a vulnerability in the VMWare ESXi hypervisor. Affected Product. Mass scanning activity for CVE-2021-21972 detected within one day.

Linux 104

Linux Windows Operating System Authentication 104

Tenable

OCTOBER 12, 2020

The alert details how APT actors are using vulnerability chaining or exploit chaining, incorporating a recently disclosed elevation of privilege vulnerability in their attacks. Vendor/Product. Tenable VPR*. Please note Tenable VPR scores are calculated nightly. Zerologon observed as part of attacks in the wild.

WAN 117

WAN Authentication Government Network 117

Tenable

JULY 12, 2021

A good understanding of the attack surface is of prime importance in measuring and prioritizing risk. Here's how Tenable's data can allow security professionals to have a more realistic view of their exposure. What is an Attack Surface?

Software Review 100

Software Review Systems Review Technical Review Metrics 100

Tenable

OCTOBER 20, 2022

Securing today’s complex and dynamic IT environments requires bringing together vulnerability management, Web application security, cloud security, identity security, attack path analysis and external attack surface management to help you understand the full breadth and depth of your exposures.

Programming 53

Programming Tools Organization Analysis 53

Tenable

MAY 25, 2023

Background On May 24, several international agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) in the U.S, Yes, the joint CSA highlights two vulnerabilities in ManageEngine and FatPipe products that have been linked to Volt Typhoon.

Malware 52

Malware Windows Groups Internet 52

Tenable

JULY 22, 2020

The advisory states that this threat actor is leveraging public proof of concept (PoC) code as part of their attacks. Both of these previously discovered vulnerabilities allow for unrestricted file upload through two different attack vectors. CVE-2019-18935. Telerik UI for ASP.NET AJAX. CVE-2019-19781. CVE-2019-0604.

WAN 98

WAN Software Review Authentication Government 98

Tenable

MAY 9, 2023

In this installment, we take a closer look at the vulnerabilities disclosed in 2022 — and discuss how Tenable can help. It is necessary to look at the results of observation objectively, because you, the experimenter, might like one result better than another —Richard P. Attackers monitor advisories looking for vulnerabilities.

Research 52

Research Organization Analysis Fashion 52

Tenable

NOVEMBER 17, 2020

Five days later, on November 16, Hauser tweeted that because Cisco’s Product Security Incident Response Team (PSIRT) had become “unresponsive,” and because the alleged fixed version of Cisco Security Manager didn’t mention his disclosures, he decided to release his proof-of-concept (PoC) code for the 12 vulnerabilities. out of 10.0.

Authentication 100

Authentication LAN Firewall Research 100

Tenable

AUGUST 2, 2022

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021). VMware has patched another set of serious vulnerabilities across multiple products including VMware Workspace ONE Access. Organizations should patch urgently given past activity targeting vulnerabilities in VMware products.

Authentication 53

Authentication Research Analysis Organization 53

Tenable

AUGUST 3, 2023

As we’ve explored in our 2022 Threat Landscape Report (TLR) , known and exploitable vulnerabilities remain one of the most persistent threats to organizations. Analysis As we examined the list of 42 CVEs in the CSA, many have been featured in past blogs and alerts from Tenable Research as well as included in our 2020 , 2021 and 2022 TLR.

Authentication 52

Authentication Data Center Software Review Windows 52

Tenable

JUNE 2, 2020

The IP-in-IP protocol, outlined in RFC2003 , provides a mechanism to encapsulate one IP datagram within another IP datagram for tunneling, which allows for communication between two IP networks that do not have a native routing path. Cisco released an advisory for CVE-2020-10136 on June 1 for NX-OS Software. RFC2003 IP-in-IP.

Network 106

Network Software Review Systems Review Analysis 106

Tenable

NOVEMBER 9, 2022

CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability. Authentication bypass vulnerabilities like this one could be exploited by an attacker as an initial access vector into a network.

Authentication 52

Authentication Virtualization Healthcare Network 52

Tenable

AUGUST 4, 2022

Malware is most commonly distributed in phishing messages or malicious documents and websites; it often still relies on unpatched vulnerabilities to gain elevated privileges, move throughout target environments and execute code. We have analyzed reports on the malware strains to identify any vulnerabilities associated with them.

Malware 77

Malware Windows SMB Groups 77

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . 1 - Tenable: 72% of organizations still vulnerable to Log4Shell. For more information, read Tenable’s press release.

IoT 52

IoT Guidelines Systems Review Technical Review 52

Tenable

JULY 6, 2020

On June 30, F5 Networks published support articles identified as K52145254 and K43638305 to address two vulnerabilities in BIG-IP, its family of products which includes software and hardware solutions that provide access control, application availability and security solutions. These products include: Local Traffic Manager (LTM).

Software Review 98

Software Review Technical Review Systems Review Research 98

Tenable

APRIL 1, 2020

While you’re at it, integrate all your SaaS solutions into one central identity and access management solution. At the same time, you should begin working with product engineering to reduce access to infrastructure-as-a-service providers. At Tenable, we set up privileged access management for products like Tenable.io

Organization 111

Organization How To Business Continuity Network 111

Tenable

SEPTEMBER 2, 2022

More information: “ A Practical Approach for Shifting Left ” (Tenable). Which career paths do they take to become a CISO? The latest guidance for combatting “adversarial machine learning” attacks comes from the U.K.’s 5G networks vulnerable to adversarial ML attacks ” (TechTarget). How much do CISOs earn?

Security 52

Security Software Review Artificial Inteligence Technical Review 52

Tenable

MARCH 11, 2024

This was the focus of part one in this three part blog series, “ How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform. ” In this second installment, we’ll expand on key challenges that impede effective breach prevention.

IoT 65

IoT Technical Review How To Systems Review 65

Tenable

MAY 9, 2023

With the integration of Tenable Security Center into Tenable One, Tenable becomes the only vendor to offer exposure management for both on-premises and hybrid deployment models. Historically, any kind of aggregated, relationship-focused analysis had to be done manually and in an external data store.

Analysis 100

Analysis Analytics Cloud Programming 100

Tenable

DECEMBER 18, 2023

Respected analyst firms and industry experts once again validated the exceptional quality, innovation and performance of Tenable products. Tenable is wrapping up another year with an impressive collection of milestones, awards and recognitions from some of the most demanding and rigorous analysts and industry experts.

Security 75

Security Industry Analysis Innovation 75

Tenable

OCTOBER 4, 2022

Anticipate likely attacks. Today, Tenable is proud to announce the Tenable One Exposure Management Platform, which unifies a variety of data sources into a single exposure view to help organizations gain visibility, prioritize efforts and communicate cyber risks. What’s inside the Tenable One Exposure Management Platform?

Security 98

Security Comparison Insurance Windows 98

Tenable

AUGUST 25, 2021

To effectively prioritize remediation efforts, defenders must understand how attackers are targeting organizations and then act on that knowledge. Vulnerabilities in SSL VPN products are some of the most exploited by attackers for initial access to target networks, acting as a doorway for exploitation. Affected Product.

Organization 100

Organization WAN Authentication Groups 100

Tenable

MARCH 28, 2023

Cybersecurity professionals have long been discussing the pros and cons of cobbling together a preventive security program built on best-of-breed point tools versus using a consolidated platform approach. Trending analysis is more consistent due to a platform's singular cyber risk scoring. Both sides have valid points to make.

Technical Review 98

Technical Review Systems Review Study Analysis 98

Tenable

AUGUST 19, 2022

Here’s a new resource for small and medium-sized businesses looking for help preventing ransomware attacks. Have an incident response plan in place so that you can act quickly and deliberately if an attack occurs. Ransomware Preparedness: Why Organizations Should Plan for Ransomware Attacks Like Disasters ” (Tenable). “

IoT 52

IoT Malware Windows Guidelines 52

Tenable

OCTOBER 14, 2020

I've been on the technical end performing penetration tests and malware analysis. In my current role at Tenable, I manage vendor relationships for 40 security tools and can tell you, with a fair degree of granularity, what each of those tools is doing on a daily basis and how it's performing.

Technical Review 103

Technical Review Study Metrics Organization 103

Tenable

JUNE 6, 2023

At Tenable, we believe that you need exposure management to protect your modern attack surface. Ever-growing adoption of cloud services and evolving work habits expand the attack surface faster than threat detection and response controls mature.” But it’s not just us.

Report 52

Report Strategic Planning Programming Enterprise 52

Tenable

MAY 13, 2020

Following initial reports that attackers were exploiting a vulnerability in Oracle WebLogic Server, researchers have shared more information about the flaw and its connection to CVE-2020-2555, just as a proof-of-concept has become available. Successful exploitation would result in the attacker gaining remote code execution. Background.

Software Review 106

Software Review Business Intelligence Research Systems Review 106

Tenable

AUGUST 4, 2023

survey on the current state of AI. A third of respondents indicated that their organizations are using generative AI regularly for at least one business function – mostly in marketing/sales, product development and service operations. surveyed 1,684 organizations, of which 913 are using AI in at least one business function.

Generative AI 52

Generative AI Software Review Technical Review Development Team Review 52

Tenable

APRIL 28, 2023

2 – How Tenable harnesses AI to streamline research activities Can ChatGPT-like tools help cybersecurity researchers be more efficient and effective? Yes, according to some early, yet promising, experiments conducted by Tenable.

ChatGPT 53

ChatGPT Conference Artificial Inteligence Weak Development Team 53

Tenable

AUGUST 11, 2023

Got an idea for a new AI-based cybersecurity product? 1 – White House contest to spur development of AI cyber tools To promote the development of AI-powered cybersecurity products, the White House and the Defense Advanced Research Projects Agency (DARPA) this week unveiled a two-year competition with about $20 million in prizes.

Tools 52

Tools Technical Review Strategic Planning Artificial Intelligence 52