Tenable

NOVEMBER 4, 2023

The Ermetic research team, now part of Tenable Research, had discovered that AWS and Google Composer managed Apache Airflow services were vulnerable to CVE-2023-29247 ( Stored XSS ). This vulnerability was previously reported and fixed by Apache; more information can be found here.

Authentication 123

Authentication AWS Azure Google Cloud 123

Tenable

DECEMBER 13, 2022

Windows Contacts. Tenable Solutions. Tenable plugins for Microsoft December 2022 Patch Tuesday Security Updates. Join Tenable's Security Response Team on the Tenable Community. Learn more about Tenable , the first Cyber Exposure platform for holistic management of your modern attack surface.

Windows 98

Windows Authentication .Net Operating System 98

Tenable

MARCH 25, 2024

From automated asset inventory to malicious-activity detections through baselining, learn how Tenable OT Security can protect these critical functions within the DoD and work towards the federal government’s zero trust mandate in OT environments. It’s not just about adopting new technologies but securing them against evolving threats.

Transportation 70

Transportation Network System Infrastructure 70

Tenable

OCTOBER 2, 2020

Fortunately, Tenable has experience supporting a large, distributed workforce. In fact, more than half of Tenable engineers around the globe were already working remotely before the pandemic. For previously co-located teams, including mine at Tenable HQ, we used this foundation to adapt the ways in which we used to collaborate.

Engineering 101

Engineering UI/UX Social Meeting 101

Tenable

DECEMBER 8, 2023

Critical infrastructure operators interested in participating in the program should contact a security advisor at their region’s CISA office. gov’t offers free cyber services to critical infrastructure orgs Good news for critical infrastructure facilities that lack sufficient cybersecurity resources. Watch it on demand !

Software Review 70

Software Review Software Malware Software Development 70

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . 1 - Tenable: 72% of organizations still vulnerable to Log4Shell. For more information, read Tenable’s press release.

IoT 52

IoT Guidelines Systems Review Technical Review 52

Tenable

MAY 31, 2019

At Tenable’s GovEdge 2019 public sector user conference, June 4-5 in Washington, D.C., you’ll learn how to make the most of your Tenable deployment and gain valuable Cyber Exposure best practices — all while networking with your peers, our experts and an entire ecosystem of partners. Tenable University on June 5. Learn more.

Security 84

Security Conference Education Government 84

Tenable

SEPTEMBER 30, 2021

In their research, Upguard found the exposure of personally identifiable information (PII), including COVID-19 related contact tracing and vaccination appointment details, social security numbers, employee IDs, names and addresses and a variety of other sensitive information. Source: Tenable Research, 2021.

Software Review 52

Software Review Systems Review Research How To 52

Tenable

NOVEMBER 19, 2020

As customers increasingly recognize the value of vulnerability response, Tenable and ServiceNow are delivering market-leading vulnerability insights and greater flexibility to help IT and security teams prioritize critical risks for remediation. Closing the remediation gap remains a key challenge for today’s security organizations.

VR 57

VR Guidelines IoT Survey 57

Tenable

JANUARY 26, 2024

If so, you might want to check out a new guide published this week about how businesses can use AI securely. They’re specifically worried the most about data breaches and about cyberattacks against critical infrastructure and physical assets. Dive into six things that are top of mind for the week ending January 26.

Artificial Inteligence 117

Artificial Inteligence Artificial Intelligence Weak Development Team Technical Advisors 117

Tenable

DECEMBER 7, 2020

Tenable Research compared the number of patches issued by software vendors for critical and high-severity vulnerabilities in the first half of 2020 with the same periods in the prior four years. In weeks 1 – 12 of 2020, the average time from our first contact to the vendor’s patch release was 72 days. Clearly I was WRONG. .

Software Review 96

Software Review Software Data Comparison 96

Tenable

JUNE 23, 2022

Phoenix Contact. Tenable Research has developed plugins to identify devices that may be vulnerable to the OT:ICEFALL related flaws: 500655 - Saia Burgess OT:ICEFALL Multiple Potential Vulnerabilities. Join Tenable's Security Response Team on the Tenable Community. MOSCAD ACE IP gateway MDLC ACE1000 MOSCAD Toolbox STS.

Research 53

Research Security Technology Weak Development Team 53

Tenable

APRIL 24, 2019

At Tenable’s Edge 2019 user conference, May 21-23 in Atlanta, you’ll learn how to make the most of your product investments and gain valuable Cyber Exposure best practices all while networking with your peers, our experts, and an entire ecosystem of partners. Here’s what it’s all about. Learn more about our partners here. .

Conference 58

Conference Travel Network Healthcare 58

Tenable

JULY 11, 2019

However, in order to exploit the vulnerability, an SMTP server needs to be configured, and either the Contact Administrators Form needs to be enabled (unauthenticated attack), or the attacker has “JIRA Administrators” access (authenticated attack). A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Data Center 71

Data Center Data Analysis Authentication 71

Tenable

JANUARY 20, 2021

When this blog was published, it was not clear if each of the vendors contacted through coordination with CERT/CC and JSOF have responded. A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. Join Tenable's Security Response Team on the Tenable Community.

LAN 103

LAN Software Review Technical Review Systems Review 103

Tenable

SEPTEMBER 29, 2020

Below is a list of all six vulnerabilities that were disclosed along with their CVSSv3 and Tenable VPR scores. Tenable VPR*. Please note Tenable VPR scores are calculated nightly. A list of Tenable plugins to identify this vulnerability is available here. Join Tenable's Security Response Team on the Tenable Community.

System 56

System Industry Analysis System Design 56

Tenable

MAY 7, 2020

We recommend referring to the individual Cisco advisories or contacting the Cisco Technical Assistance Center (TAC) for information on solutions. A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. Join Tenable's Security Response Team on the Tenable Community.

Authentication 63

Authentication System Operating System Software 63

Tenable

APRIL 9, 2019

Tenable Research discovered multiple vulnerabilities in Verizon’s Fios Quantum Gateway routers. Tenable Research has discovered multiple vulnerabilities in the Verizon Fios Quantum Gateway (G1100) router. Tenable researcher Chris Lyne has outlined several potential attack scenarios for these vulnerabilities. Tenable Advisory.

Wireless 78

Wireless Authentication Technical Review Internet 78

Tenable

APRIL 11, 2019

Tenable Research has discovered a critical vulnerability in Citrix SD-WAN Center that could lead to remote code execution. Tenable Research discovered this vulnerability while developing a plugin for CVE-2017-6316 and reported it to Citrix. Tenable Advisory. Background. x before 10.2.1 and NetScaler SD-WAN Center 10.0.x

WAN 43

WAN Software Review Systems Review Research 43

Tenable

DECEMBER 9, 2020

At Tenable, we've identified the following global privacy and cybersecurity policy challenges and expected developments that cybersecurity professionals need to monitor in 2021: . there will continue to be concerns about data privacy standards and enforcement across borders. Brexit and data security.

Security 98

Security Policies Technical Review Systems Review 98

Tenable

OCTOBER 1, 2022

In the Uber case, the hacker reportedly took his efforts to another level by actually contacting the targeted user – a Uber contractor – via Whatsapp, saying he was a Uber IT staffer. government’s grave concern about the security of the software supply chain, new legislation focused on open source software (OSS) has just been introduced.

Open Source 52

Open Source Systems Review Software Review Government 52

Tenable

JUNE 19, 2019

The researchers said they found “a new oracle webLogic[sic] deserialization RCE 0day vulnerability” that “is being actively used in the wild” and they had contacted Oracle to inform them of these new developments. Tenable anticipates updated PoCs will become available soon. and 12.1.3.0.0. had not been released. Get more information .

IoT 40

IoT Research Internet Report 40

Tenable

DECEMBER 9, 2020

Contact for update. Tenable is working to implement product coverage for the AMNESIA:33 vulnerabilities across our suite of products, including Tenable.ot. A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. Join Tenable's Security Response Team on the Tenable Community.

Open Source 53

Open Source Research .Net Weak Development Team 53

Tenable

JULY 20, 2022

Source: Tenable Research, July 2022. To learn about those tactics and other key features of the ransomware ecosystem, read Tenable’s report. Circumventing MFA through spamming prompts or contacting help desk. AvosLocker leak website, Image Source: Tenable, May 2022. Ransomware or extortion? Get more information .

Groups 70

Groups Authentication Malware Report 70

Tenable

AUGUST 5, 2019

In my experience running Technical Support for Tenable, I’ve gained valuable insight into what makes a strong vendor/customer relationship. When you make any large scale technology purchase, Technical Support may not be the first thing you think about. Learn more: Visit Tenable’s Technical Support webpage here: [link].

Technical Support 37

Technical Support Knowledge Base Engineering Training 37

Tenable

JANUARY 12, 2023

The malware samples, which were trying to contact either cloud services or customer-created workloads hosted by these three cloud service providers (CSPs), used either pre-specified or randomly selected IP addresses and TCP/IP ports. When It Comes to Effective Cloud Security, Sharing is Caring ” (Tenable webinar).

Cloud 52

Cloud Backup Malware Google Cloud 52

Tenable

APRIL 18, 2024

Tenable has joined the lineup of solutions used to run real-world simulations in this controlled environment. Speaking about the site today, Chris Hilbourne, Portfolio Manager for Cyber Technology Services at Thales explained, “The lab is a mix of both physical and typical IT equipment. This leads to a higher risk of cyberattacks.

Technology 57

Technology Exercises Windows Virtualization 57

Tenable

APRIL 10, 2019

from Siemens about this CVE for this product, the CVE itself is associated with a variety of Siemens product configurations & already. users can obtain the Web Office Portal fix, Bugfix bf-47456_PE_WOP_fix by contacting Siemens Energy Customer Support at support.energy@siemens.com. While this advisory is the first release (1.0)

Linux 58

Linux Industry Energy Network 58

Tenable

MARCH 9, 2023

Tenable OT Security, formerly known as Tenable.ot, brings hybrid discovery capabilities and increased visibility for the broadest range of IT and OT devices, making it easier than ever for CISOs to manage security and risk. What’s inside Tenable OT Security? How do you secure what you can’t see?

IoT 98

IoT Network Malware Policies 98

Tenable

MAY 13, 2020

In our summary about scammers , we highlighted how they have shifted gears to capitalize on the economic uncertainty posed by COVID-19. Klein has since posted a warning to his followers about it, even providing an example screenshot of the requests for money that scammers are sending. Directing “winners” to contact an “agent”.

Media 122

Media Social Banking Applications 122

Tenable

MARCH 21, 2024

Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the Airflow instance.

AWS 129

AWS Azure Authentication Software Review 129

Tenable

SEPTEMBER 5, 2019

In February 2018, an issue was filed on the Mailchimp project on Drupal from a user who was contacted by their hosting provider, indicating that the eval-stdin.php on their web server was malicious. A list of Tenable plugins to identify this vulnerability will appear here as they’re released. Tenable CVE Summary: CVE-2017-9841.

PHP 15

PHP Open Source Testing Internet 15

Tenable

JULY 1, 2022

All you ever wanted to know about ransomware. 3 -- Everything you always wanted to know about ransomware but were afraid to ask. That’s why Tenable Research’s new report “The Ransomware Ecosystem” is a must-read. Watch Satnam Narang, Tenable Senior Staff Research Engineer, discuss the report . And much more!

Azure 98

Azure Budget Delivery Management Study 98

Tenable

DECEMBER 24, 2019

Feel free to contact us if you had any technical questions! Tenable strongly advises organizations and individuals to upgrade to patched versions as soon as possible. A list of Tenable plugins to identify these vulnerabilities can be found here. We haven't found any proof of wild abuse of Magellan 2.0 Get more information.

Technical Advisors 10

Technical Advisors Programming Internet Analysis 10

Tenable

NOVEMBER 12, 2019

Because SYLK files do not open in Protected View , an end-user opening a specially crafted file would receive no warning or prompt from Excel about opening the file and would have none of the protection offered by the Protected View security feature. Tenable Solutions. Join Tenable's Security Response Team on the Tenable Community.

Software Review 15

Software Review Systems Review Windows Internet 15

Tenable

JUNE 30, 2021

Here's how the integration between Tenable and HCL BigFix can help you quickly correlate vulnerabilities and patches to reduce risk. Source: Tenable. Tenable + HCL Integration Overview. The integration between Tenable and HCL BigFix enables organizations to see everything, predict what matters and act to address risk.

Systems Review 97

Systems Review Technical Review Organization Tools 97

Tenable

SEPTEMBER 30, 2020

Redirecting site visitors to other resources or contacts. For example, if a prospective customer wants to chat with a salesperson about terms for a potential deal, they'll have a quick back and forth with the bot, which will result in a meeting with a salesperson being scheduled. Today’s chatbots serve a variety of purposes.

Authentication 122

Authentication Systems Review Meeting Social 122