Tenable

JANUARY 27, 2023

Background On January 27, ESET Research has published a thread on Twitter discussing its analysis of a new wiper malware used in a cyberattack in Ukraine. 1/3 pic.twitter.com/pMij9lpU5J — ESET Research (@ESETresearch) January 27, 2023 Analysis SwiftSlicer is a wiper malware written in the Go programming language.

Policies 52

Policies Groups Malware Windows 52

Tenable

APRIL 30, 2020

On April 29, 2020, Check Point researchers Omri Herscovici and Sagi Tzadik published research into three popular WordPress learning management system (LMS) plugins: LifterLMS , LearnDash and LearnPress. Check Point noted in their research that this flaw was “very trivial to identify and exploit.” Check Point Research.

Software Review 97

Software Review PHP Systems Review Research 97

Tenable

MARCH 1, 2024

Well, researchers from OpenAI and Carnegie Mellon University (CMU) tackled this question and just published a study outlining specific assessment criteria. All along, a core question has been: How do you test and evaluate an LLM’s cybersecurity capabilities and risks? updates guidance on ALPHV Blackcat, warns healthcare orgs The U.S.

Artificial Inteligence 75

Artificial Inteligence Malware Generative AI Government 75

Tenable

DECEMBER 6, 2022

Tenable CIO Patricia Grant and CSO Robert Huber share insights and best practices to help IT and cybersecurity leaders and their teams weather the next cyber crisis of Log4j proportions. They’re important questions to ponder, especially with the findings about the current state of Log4j remediation that Tenable recently disclosed.

Policies 97

Policies Software Exercises Organization 97

Tenable

MAY 26, 2022

Image Source: Tenable, March 2022. Image Source: Tenable, March 2022. These hijacked verified accounts were pivoted to use profile pictures (PFPs) of BAYC NFTs to lend legitimacy to their claims of airdrops of $APE tokens. Image Source: Tenable, March 2022. Image Source: Tenable, May 2022. million dollars.

Blockchain 57

Blockchain Authentication Research Innovation 57

Tenable

JULY 22, 2020

Researchers at BishopFox published a blog post in December 2019 on CVE-2019-18935. At the time, little was known about the exploitability of this vulnerability, but the flaw was severe enough that Tenable Security Response posted a blog post around the vulnerability. Some additional IOCs @ [link] pic.twitter.com/70LQCOmuTn.

WAN 98

WAN Software Review Authentication Government 98

Tenable

JULY 30, 2021

Tenable's analysis of the 29 vulnerabilities highlighted in a recent CISA alert reveals key differences between CVSS and our Vulnerability Priority Rating. and Tenable Lumin. In comparison, using Tenable's VPR, 24 of the 29 vulnerabilities flagged by CISA are rated as Critical. Tenable Research and Cyber Exposure Alerts.

Software Review 106

Software Review Technical Review Comparison Machine Learning 106

Tenable

OCTOBER 4, 2023

The intention behind commenting, especially with a verified account, is to gather the attention of TikTok users to visit their profile. This is why some of the profiles contain no videos, as they are in the early stages of pivoting to the MrBeast impersonation.

Video 68

Video Survey Advertising Media 68

Tenable

DECEMBER 7, 2020

Tenable’s Zero-Day Research team found encouraging trends in how quickly software vendors are responding to our private disclosures, as well as how they’re addressing critical and high-severity vulnerabilities. At least five high-profile vulnerabilities received a CVSSv3 score of 10.0 Clearly I was WRONG. .

Software Review 96

Software Review Software Data Comparison 96

Tenable

FEBRUARY 8, 2022

Windows User Account Profile. These are the same researchers who disclosed CVE-2021-34527, kicking off the PrintNightmare saga in June 2021. As researchers continue to focus their time on discovering flaws in Print Spooler, it is likely that attackers are as well, therefore organizations should apply these updates urgently.

Windows 52

Windows Research Azure System 52

Tenable

AUGUST 10, 2021

Windows User Profile Service. CVE-2021-36936 is one of two vulnerabilities this month that Microsoft says were publicly disclosed, which may be related to several bugs in Print Spooler that were identified by researchers over the past few months. Tenable Solutions. Join Tenable's Security Response Team on the Tenable Community.

Windows 100

Windows Azure LAN .Net 100

Tenable

JUNE 10, 2020

In the last of our three-part series, Tenable Research evaluates the prevalence of vulnerabilities across the global population, as well as the implications of those findings on attackers' economic incentives. The new report from Tenable Research seeks answers to the following research questions: . Tenable has a 4.5-petabyte

Organization 103

Organization Research Internet Strategy 103

Tenable

MAY 19, 2022

During a recent podcast, Tenable's VP of Operational Technology Marty Edwards discussed the cyber threats faced by critical infrastructure providers and the importance of OT security, topics he'll address again next week during a LinkedIn Live with CNN. . It’s a topic that Tenable feels strongly about.

Infrastructure 54

Infrastructure Government Research Report 54

Tenable

DECEMBER 9, 2020

At Tenable, we've identified the following global privacy and cybersecurity policy challenges and expected developments that cybersecurity professionals need to monitor in 2021: . Learn more: To learn more about the issues covered in this blog, watch the Tenable webinar, 5 Global Trends That Will Impact Your Security Program in 2021.?.

Security 98

Security Policies Technical Review Systems Review 98

Tenable

MAY 19, 2023

The latest high-profile debate happened this week in Washington D.C., over AI’s growing influence in daily life ” (Pew Research Center) “ MITRE-Harris Poll Finds Lack of Trust Among Americans in AI Tech ” (MITRE) “ Why are we so afraid of AI? ” (The Washington Post) “ ChatGPT Thinks Americans Are Excited About AI.

Artificial Inteligence 52

Artificial Inteligence Generative AI Technical Review ChatGPT 52

Tenable

JULY 11, 2019

Tenable Research has discovered multiple critical vulnerabilities in both Citrix SD-WAN Center and the SD-WAN appliance itself that could allow a remote, unauthenticated attacker to compromise the underlying operating systems of each. Tenable has released two research advisories [ 1 , 2 ] to cover the scope of these vulnerabilities.

WAN 40

WAN Authentication Research Operating System 40

Tenable

FEBRUARY 4, 2021

If the lessons from high-profile breaches have taught us anything, it is that you, the data owner, are ultimately responsible for your cloud assets — not your cloud service providers. Yet, even when assets are discovered, Tenable's own research shows that only 20% of them are actually assessed for exposures.

Cloud 98

Cloud AWS Study Survey 98

Tenable

NOVEMBER 23, 2021

In this blog, I share highlights of my recent research targeting interest in cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), Dogecoin (DOGE), Cardano (ADA), Ripple (XRP), and Shiba Inu (SHIB), including details that can help YouTube users identify and avoid falling prey to these cons. Newsworthy events. Vulnerability Management.

Video 100

Video Report Malware Examples 100

Tenable

APRIL 8, 2021

No potential target is "valueless" to malicious online actors just because of its size or low profile. Recent research has borne out that the odds of a small or medium-sized business (SMB) undergoing a cyberattack or data breach are more than 50-50: About 66% of SMBs experienced at least one cyberattack in 2019. 14, 2021 4. 14, 2021 4.

SMB 101

SMB Malware Systems Review VOIP 101

Tenable

OCTOBER 1, 2022

High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks ” (SecurityWeek). Apache Log4j Flaw: A Fukushima Moment for the Cybersecurity Industry ” (Tenable). IT/OT Convergence: Now Is the Time to Act ” (Tenable). Accidental Convergence: A Guide to Secured IT/OT Operations ” (Tenable). In a survey of 1,200 U.S.

Open Source 52

Open Source Systems Review Software Review Government 52

Tenable

JUNE 24, 2021

Finally, they add that for each transaction involving the $SpaceX coin, a donation will be made “towards space research companies” in order to “help Elon’s mission.”. When browsing the user’s profile, we see that this user joined YouTube in August, 2011. Join Tenable's Security Response Team on the Tenable Community.

Advertising 103

Advertising Video Blockchain Research 103

Tenable

MAY 13, 2020

In October 2019, I shared my research into the underbelly of scams on Cash App, a popular peer-to-peer (P2P) payment service operated by Square, Inc., They do so by first creating fake profiles on these P2P applications. In one case, the impersonator forgot to swap out their own profile photo. Scams on Venmo and PayPal.

Media 122

Media Social Banking Applications 122

Tenable

NOVEMBER 26, 2019

Let's walk through how to audit Azure with Tenable. Previously, compliance support in Tenable products was limited to the items and capabilities offered in the TNS Azure Best Practice audit files. Log Profiles exist. At Tenable, we regularly update our policy compliance audits to match the newest versions by CIS and the U.S.

Azure 14

Azure How To Authentication Compliance 14

Tenable

FEBRUARY 14, 2024

This is the first part of a two-part blog series that details my firsthand research into pig butchering scams from the end of 2022 into early 2024. Are the same people behind both the social media and dating app profiles and the messaging apps? Are all of the images on these social media and dating app profiles fake?

Artificial Inteligence 131

Artificial Inteligence Media Social Real Estate 131

Tenable

JUNE 29, 2020

Also researchers should probably avoid disclosing details publicly for a window to give orgs time to mitigate. Under the SAML Identity Provider Server Profile configuration section, the “Validate Identity Provider Certificate” option needs to be disabled (unchecked) in order for the device to be vulnerable. Azure AD [ Image ].

Authentication 122

Authentication Network Firewall Azure 122

Tenable

SEPTEMBER 30, 2020

As an example of an attack Tenable has previously observed in the wild, let’s say your company uses a chatbot service on their site to generate sales leads. Despite the current risk profile for chatbots, it's still something security organizations within companies should be paying closer attention to and monitoring.

Authentication 122

Authentication Systems Review Meeting Social 122

Tenable

SEPTEMBER 16, 2022

How Security Leaders Can Become Dev and Ops Whisperers ” (Tenable). “ Shift left: Still a work in progress ” (Tenable). The cybersecurity of converged IT and OT systems used by critical infrastructure providers is very much in the spotlight, so we asked attendees at a recent Tenable webinar a couple of questions about this topic.

Security 98

Security Survey Open Source .Net 98

Tenable

MAY 22, 2019

High-profile vulnerabilities are not just a concern for security teams. Reflecting on the changes to the media landscape, Ryan Seguin, research engineer on the SRT said, "I think over the last five years you've had a perfect storm of factors in the industry. Our key findings were that: . on June 19 at 2:00PM ET. .

Media 78

Media Metrics Technical Advisors Security 78

Tenable

FEBRUARY 14, 2024

This is the second part of a two-part series based on firsthand research into pig butchering scams from the end of 2022 into early 2024. This is the second part of a two-part blog series that details my firsthand research into these scams from late 2022 to early 2024. Background In February 2024, the U.S. billion lost to scams in 2022.

Software Review 119

Software Review Research Examples Applications 119

Tenable

OCTOBER 24, 2019

This two-part series details the practices I uncovered while researching these scammers from July to September 2019. This research is not meant to be a comprehensive overview of all such scams; rather it’s an analysis of behavioral trends among a group of scammers targeting the popularity and interest around one particular application. .

Media 20

Media Video Social Research 20

Tenable

MAY 13, 2021

Once these verified Twitter accounts were compromised, the scammers pivoted them away from their original owners by changing the avatar or profile picture as well as the associated name. It is important to note that Tenable Research did not perform any deep analysis of the transaction history for these cryptocurrency addresses.

Video 106

Video Media Sport Analysis 106

Tenable

AUGUST 18, 2023

The guide is divided into five sections: Methodology Protections to start with IG1 enterprise profiles Tooling Costs “The safeguards in IG1 can be implemented for a relatively low cost and are a foundational and achievable set of security actions for even the smallest of enterprises,” the guide reads.

Software Review 52

Software Review Technical Review Artificial Inteligence How To 52

Tenable

SEPTEMBER 25, 2019

On September 23, security researcher Henry Chen published a tweet showing exploitation of the vulnerability in an animated GIF and referenced previous work around SSRF vulnerabilities from DEVCORE researcher Orange Tsai’s Black Hat talk, “A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!”

Software Review 15

Software Review AWS Google Cloud Systems Review 15

Tenable

DECEMBER 4, 2019

Last week, Tenable Research released the report, How Lucrative Are Vulnerabilities? White market in vulnerabilities and exploits: Primarily composed of cybersecurity vendors and researchers focused on making intelligence widely available. It has driven the price of zero-day exploits into astronomic six-digit figures.

Software Review 10

Software Review Microservices Marketing Research 10

Tenable

SEPTEMBER 3, 2020

Even if these considerable hurdles are surmounted, my research over the past seven months reveals some additional challenges a new owner might face in moderating activity on the popular video sharing app. For the scope of my research, however, I’ve chosen to focus on a plethora of advertising-related scams. Source: SensorTower.

Advertising 103

Advertising Software Review Technical Review Video 103

Tenable

AUGUST 14, 2019

In some of my earlier research, I uncovered a series of Instagram accounts impersonating lottery winners. Despite the real Salice Rose having a verified “popular creator” badge on her own profile, the impersonator still managed to gain over 7,000 followers on their account right off the bat. and an “e” with a macron above it (?)

Social 12

Social Backup Video Media 12

Tenable

OCTOBER 22, 2021

Source: Tenable, October 2021 Two years ago, I published research highlighting how growing platforms like TikTok can become havens for scammers , and how the rise of impersonation accounts on the platform were being fueled by the social currency of likes and followers. Source: Tenable, October 2021. How much do you love me”.

Video 114

Video Virtualization Report Games 114