Tenable Blog
SubscribeDisrupting the Pervasive Attacks Against Active Directory and Identities
Disrupting Attack Paths: Why Tenable's Acquisition of Alsid Matters
This acquisition allows us to combine Tenable's ability to assess the state of the digital infrastructure with Alsid's ability to assess the state of Active Directory, helping security professionals a...
How to Migrate to Office 365 the Secure Way
Looking to extend your Active Directory to the cloud? This guide explores options for securely migrating your on-prem identities and access controls to Office 365. Cloud computing offers lower costs,...
The Top 10 Active Directory Security Questions CISOs Must Ask
Active Directory has become the primary target for advanced cyberattacks and ransomware groups. Here's what you should consider when evaluating security vendors. For more than 20 years, Active Directo...
Insider Threats in Active Directory: How to Safeguard Privileged and Non-Privileged User Accounts
In this post, we define privileges related to Active Directory and highlight the key security risks of internal privileged and non-privileged user groups. What do we mean by “privileges”? For the purp...
Primary Group ID Attack in Active Directory: How to Defend Against Related Threats
The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a...
How to Stop the Kerberos Pre-Authentication Attack in Active Directory
Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication. As part of the Kerberos authentication process in Active Directory, there is an i...
Securing Active Directory: How to Prevent the SDProp and adminSDHolder Attack
Attackers can get into your Active Directory by leveraging the SDProp process and gaining privileges through the adminSDHolder object. Here's how to stop them. Attackers use every possible trick and p...
Securing Active Directory: 3 Ways to Close the No-Password Loophole
Any Active Directory user can have their password requirements negated with a simple command. Here’s how to identify these gaps before an attacker does. With Active Directory being around for so long,...
Tenable Assure: Announcing the 2021 Global Partner Award Winners
Celebrating the elite defenders who are helping organizations around the world conquer their cyber risk. Cybersecurity is always a team effort. Day in, day out, defenders rely on an ecosystem of team...
Oracle April 2021 Critical Patch Update Addresses 257 CVEs including ‘Zerologon’ (CVE-2020-1472)
Oracle addresses over 250 CVEs in its second quarterly update of 2021 with 390 patches, including 34 critical updates. Background On April 20, Oracle released its Critical Patch Update (CPU) for Apri...
CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild
Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Update May 3, 2021: The Analysis and Solution sections have...
NAME:WRECK: Nine DNS Vulnerabilities Found in Four Open Source TCP/IP Stacks
Nine new DNS-related vulnerabilities have been identified across TCP/IP stacks embedded in millions of devices. Background On April 13, 2021, researchers at Forescout and JSOF published a report calle...
