Tenable

MARCH 3, 2023

Background As part of their #StopRansomware campaign, the Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have released a cybersecurity advisory (CSA) discussing the Royal ransomware group. Get more information Joint CSA on Royal Ransomware Join Tenable's Security Response Team on the Tenable Community.

Groups 96

Groups Systems Review Technical Review Software Review 96

Tenable

JANUARY 11, 2022

Security Respo…. Microsoft Teams. Windows Local Security Authority. Windows Local Security Authority Subsystem Service. Windows Secure Boot. Windows Security Center. Windows User Profile Service. CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability. 9 Critical.

Windows 105

Windows Internet Open Source Storage 105

Tenable

MARCH 1, 2024

from CSO Magazine , The Register , SC Magazine and Help Net Security , as well as the videos below. APT29, also known as the Dukes, CozyBear and Nobelium/Midnight Blizzard, was responsible for the SolarWinds supply chain attack and other high-profile hacks against targets including Microsoft and Hewlett-Packard Enterprise.

Artificial Inteligence 73

Artificial Inteligence Malware Generative AI Government 73

Tenable

APRIL 12, 2022

Microsoft addresses 117 CVEs in its April 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the National Security Agency. Microsoft Local Security Authority Server (lsasrv). Windows Local Security Authority Subsystem Service. 9 Critical.

Windows 98

Windows Systems Review Software Review SMB 98

Tenable

JANUARY 27, 2023

Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer. Tenable has coverage for CVEs known to be used by Sandworm. A dynamic and filtered list can be found here.

Policies 52

Policies Groups Malware Windows 52

Tenable

SEPTEMBER 14, 2020

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). Several proofs of concept (PoCs) have been published to GitHub [1] [2] [3] [4] which demonstrates wide interest and experimentation across the security community. Background.

Windows 115

Windows LAN Backup Authentication 115

Tenable

MARCH 9, 2021

In its March release, Microsoft addressed 82 CVEs, including a zero-day vulnerability in Internet Explorer that has been exploited in the wild and linked to a nation-state campaign targeting security researchers. Tenable solutions. Microsoft's March 2021 Security Updates. Tenable Blog Post for Exchange Server Vulnerabilities.

Windows 106

Windows Azure Internet Research 106

Tenable

AUGUST 10, 2021

Windows User Profile Service. This vulnerability was reported internally by Microsoft’s Security Response Center and Microsoft’s Threat Intelligence Center. Microsoft encourages prioritizing patching domain controllers first and notes that further action, found in KB5005413 , is required after applying the security update.

Windows 100

Windows Azure LAN .Net 100

Tenable

JULY 22, 2020

On June 19, the Australian Cyber Security Centre (ACSC) published Advisory 2020-008 in response to reports that threat actors were targeting Australian government agencies and companies. At the end of January, another Tenable Security Response blog post was written detailing an increase in attacks observed in the wild.

WAN 96

WAN Software Review Authentication Government 96

Tenable

FEBRUARY 16, 2023

Background As part of their #StopRansomware campaign, the Federal Bureau of Investigations and Cybersecurity and Infrastructure Security Agency have released a joint Cybersecurity Advisory (CSA) in collaboration with South Korea's National Intelligence Service and Defence Security Agency. A dynamic and filtered list can be found here.

Malware 53

Malware Systems Review Technical Review Healthcare 53

Tenable

FEBRUARY 4, 2021

When securing dynamic cloud environments, the ability to continuously discover and assess cloud assets allows you to quickly detect issues as new vulnerabilities are disclosed and as your environment changes. But with the benefits of agility and efficiency comes the challenge of protecting and securing your assets and workloads in the cloud.

Cloud 98

Cloud AWS Study Survey 98

Tenable

APRIL 30, 2020

This user can embed malicious PHP code into the change name option in their profile, which will output into the PHP file that was created. A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. Join Tenable's Security Response Team on the Tenable Community.

Software Review 97

Software Review PHP Systems Review Research 97

Tenable

DECEMBER 7, 2020

Tenable’s Zero-Day Research team found encouraging trends in how quickly software vendors are responding to our private disclosures, as well as how they’re addressing critical and high-severity vulnerabilities. At least five high-profile vulnerabilities received a CVSSv3 score of 10.0 A Closer Look at Zero-Day Response Times.

Software Review 96

Software Review Software Data Comparison 96

Tenable

FEBRUARY 8, 2022

Microsoft Teams. Roaming Security Rights Management Services. Windows User Account Profile. Tenable Solutions. Microsoft's February 2022 Security Updates. Tenable plugins for Microsoft February 2022 Patch Tuesday Security Updates. Join Tenable's Security Response Team on the Tenable Community.

Windows 52

Windows Research Azure System 52

Tenable

OCTOBER 4, 2023

The intention behind commenting, especially with a verified account, is to gather the attention of TikTok users to visit their profile. This is why some of the profiles contain no videos, as they are in the early stages of pivoting to the MrBeast impersonation.

Video 66

Video Survey Advertising Media 66

Tenable

MAY 19, 2023

Altman goes to Washington Lively discussions around how much government control there should be over artificial intelligence (AI) products continue globally – and cybersecurity teams should closely monitor which way the regulatory winds are blowing. The latest high-profile debate happened this week in Washington D.C.,

Artificial Inteligence 52

Artificial Inteligence Generative AI Technical Review ChatGPT 52

Tenable

APRIL 8, 2021

It'll be of the utmost importance for you and other stakeholders in your organization with a focus on cybersecurity to look beyond the misconceptions and understand the facts behind effective security. No potential target is "valueless" to malicious online actors just because of its size or low profile. Let’s start myth-busting!

SMB 101

SMB Malware Systems Review VOIP 101

Tenable

NOVEMBER 23, 2021

Current events featuring high profile individuals offer the perfect fodder for scammers, as they can count on significant interest from audiences looking to watch livestream footage on YouTube. Join Tenable's Security Response Team on the Tenable Community. Get a free 30-day trial of Tenable.io

Video 100

Video Report Malware Examples 100

Tenable

JUNE 24, 2021

When browsing the user’s profile, we see that this user joined YouTube in August, 2011. We reached out to YouTube to share our findings prior to publication, but we did not receive a response. Join Tenable's Security Response Team on the Tenable Community.

Advertising 102

Advertising Video Blockchain Research 102

Tenable

MARCH 9, 2023

Tenable OT Security, formerly known as Tenable.ot, brings hybrid discovery capabilities and increased visibility for the broadest range of IT and OT devices, making it easier than ever for CISOs to manage security and risk. What’s inside Tenable OT Security? How do you secure what you can’t see?

IoT 98

IoT Network Malware Policies 98

Tenable

MAY 13, 2020

They do so by first creating fake profiles on these P2P applications. These profiles typically impersonate an organization, like Cash App, or a user, oftentimes a celebrity or other notable figure. In one case, the impersonator forgot to swap out their own profile photo. Scams on Venmo and PayPal. Thank you so much!

Media 120

Media Social Banking Applications 120

Tenable

JANUARY 31, 2024

These are the findings from a commissioned survey including 262 IT and security professionals who have the final decision-making authority for their organization’s cloud infrastructure. And, managing who has access to these systems poses a significant challenge.

Security 59

Security Cloud Fractional CTO Technical Review 59

Tenable

JUNE 29, 2020

CVE-2020-2021 is an authentication bypass vulnerability in the Security Assertion Markup Language (SAML) authentication in PAN-OS. Under the SAML Identity Provider Server Profile configuration section, the “Validate Identity Provider Certificate” option needs to be disabled (unchecked) in order for the device to be vulnerable.

Authentication 120

Authentication Network Firewall Azure 120

Tenable

SEPTEMBER 16, 2022

16 | How cybersecurity excellence boosts business | CISOs on a vendor-consolidation campaign | A quick check on converged OT/IT cybersecurity | Guides to help developers beef up on security | And much more! Use automated cybersecurity tools to boost prevention, response and efficiency. If not, it’s likely to contain security issues.

Security 98

Security Survey Open Source .Net 98

Tenable

MAY 22, 2019

Through the course of doing broad-scope interviews with CISOs and security analysts, we were sure to ask about their experiences with vulnerabilities in the news. High-profile vulnerabilities are not just a concern for security teams. So we asked them. If so, how?” Our key findings were that: .

Media 77

Media Metrics Technical Advisors Security 77

Tenable

DECEMBER 23, 2022

As 2022 draws to a close, we asked Tenable experts what they expect for the new year. After reading the tea leaves, they’re forecasting developments in extortion attacks, OT security, SaaS threats, metaverse risks and more! Dive into these six predictions for 2023 from Tenable experts. 2 – OT security will dodge budget cuts .

Development Team Review 52

Development Team Review Software Review Technical Review Systems Review 52

Tenable

MAY 13, 2021

Once these verified Twitter accounts were compromised, the scammers pivoted them away from their original owners by changing the avatar or profile picture as well as the associated name. At this price, the scammer responsible for this campaign earned $1.6 Join Tenable's Security Response Team on the Tenable Community.

Video 105

Video Media Sport Analysis 105

Tenable

AUGUST 18, 2023

The Center for Internet Security unpacks how to establish foundational cyber hygiene at a reasonable cost. Plus, the Cyber Safety Review Board issues urgent security recommendations on its Lapsus$ report – and announces it’ll next delve into cloud security. Moreover, are humans or AI better at crafting phishing emails?

Software Review 52

Software Review Technical Review Artificial Inteligence How To 52

Tenable

SEPTEMBER 22, 2021

The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 153 respondents in France. The study, Beyond Boundaries: The Future of Cybersecurity in the New World of Work , was conducted by Forrester Consulting on behalf of Tenable in April 2021.

Study 52

Study Cloud Organization Policies 52

Tenable

SEPTEMBER 22, 2021

But, by their own admission, only 58% of German organizations feel they are prepared to support new workforce strategies from a security standpoint. The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 156 respondents in Germany.

Study 52

Study Cloud Organization Strategy 52

Tenable

SEPTEMBER 22, 2021

The self-reported data is drawn from a commissioned study of more than 1,300 security leaders, business executives and remote employees worldwide, including 168 respondents in the U.K. As part of changes made in response to the pandemic, 46% of U.K. Introducing a hybrid working model is complex. While 57% of U.K.

Study 52

Study Cloud Network Report 52

Tenable

OCTOBER 14, 2021

In fact, six out of 10 Brazilian leaders said the number of business-impacting* cyberattacks increased with the pandemic and 75% attributed recent business-impacting cyberattacks to vulnerabilities in technology implemented in response to the pandemic. Remote work introduces new business risks .

Study 52

Study Cloud Report Organization 52

Tenable

SEPTEMBER 25, 2019

for Jira Core and Jira Software , which included a fix for an important security issue reported in August 2019. Dai Zovi, Head of Security at Square’s CashApp, retweeted Chen’s tweet saying “If you’re running JIRA on AWS consider this SSRF to be RCE.” Our example above simply aims to get the security credentials from the environment.

Software Review 15

Software Review AWS Google Cloud Systems Review 15

Tenable

SEPTEMBER 3, 2020

A thread from the private iMoney Facebook group showed an exchange between a user who claimed to have seen great success in securing referrals and another lamenting that they’ve not had quite the same luck, noting that they’ve snagged only four referrals with only one referral resulting in task completion. There’s ample room for improvement.

Advertising 102

Advertising Software Review Technical Review Video 102

Tenable

OCTOBER 22, 2021

Source: Tenable, October 2021 Two years ago, I published research highlighting how growing platforms like TikTok can become havens for scammers , and how the rise of impersonation accounts on the platform were being fueled by the social currency of likes and followers. Source: Tenable, October 2021. Source: Tenable, October 2021.

Video 112

Video Virtualization Report Games 112