Tenable Blog
SubscribeNAME:WRECK: Nine DNS Vulnerabilities Found in Four Open Source TCP/IP Stacks
Tenable and the Path to Zero Trust
The simplicity of the zero-trust concept belies the complexity of implementing it in most large organizations. Here are four factors to consider before you begin the journey. Zero trust, a cybersecuri...
CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483: Four Critical Microsoft Exchange Server Vulnerabilities Patched in April Patch Tuesday
One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background On April 1...
Microsoft’s April 2021 Patch Tuesday Addresses 108 CVEs (CVE-2021-28310)
Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange. 19Critical 8...
CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors
Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infr...
Busting 5 Common Myths About Vulnerability Assessment
Don't let misconceptions stand in your way – get the facts on five common myths about vulnerability assessment. The simple truth of vulnerability assessment is that it's not always an easy task to acc...
Improving Municipal Cybersecurity: Tenable Supports Security Partnership with the National League of Cities
Recognizing the “perfect storm” created by COVID-19 disruptions, the NLC partnered with trusted security leaders to develop a turnkey solution for cities and local governments. The National League of...
CVE-2021-21975, CVE-2021-21983: Chained Vulnerabilities in VMware vRealize Operations Could Lead to Unauthenticated Remote Code Execution
VMware has addressed a pair of vulnerabilities in vRealize Operations that, when chained together, could result in unauthenticated remote code execution in vulnerable servers. Background On March 30,...
Cyber Hygiene: 5 Advanced Tactics to Maximize Your Risk Reduction
In part two of our series on cyber hygiene, we look at why businesses may need to go beyond the basics of vulnerability scanning and antivirus protection to ensure comprehensive security for their net...
How to Identify Compromised Microsoft Exchange Server Assets Using Tenable
As organizations continue to respond to a flurry of attacks by HAFNIUM and other threat actors leveraging Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2...
CVE-2021-22986: F5 Patches Several Critical Vulnerabilities in BIG-IP, BIG-IQ
F5 releases patches for multiple vulnerabilities in BIG-IP and BIG-IQ, including a critical remote command execution flaw that does not require authentication and is likely to attract exploits in the...
The Growth of Vulnerability Assessment: A Look at What Nessus Offers Today
The Nessus team continues to develop advanced assessment capabilities, including visibility into new operating systems, exploitable vulnerabilities and container instances. When Renaud Deraison first...
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
Ransomware is the root cause in a majority of the healthcare breaches analyzed. As the ongoing COVID-19 pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers...