Tenable Blog
SubscribeCVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
Tenable Capture the Flag 2021: The Results Are In!
More than 1,500 teams from nearly 140 countries competed in Tenable's first-ever Capture the Flag competition. And the winners are... That’s a wrap on the first Tenable Capture the Flag event! We’d...
CVE-2021-21972: VMware vCenter Server Remote Code Execution Vulnerability
Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately. Background...
Know Thy Assets: The First Step in Securing Your Industrial Environment
As operational technology systems are exposed to new cyber risks, security leaders can maximize their defense of critical industrial environments through comprehensive and detailed inventory of...
Introducing Tenable.ep: The First Risk-Based VM Platform as Dynamic as Your Attack Surface
Conquering your cyber risk requires a new approach to vulnerability management. With Tenable.ep, security teams gain a single, flexible license that enhances visibility and eliminates friction, so...
Learn the Language of Vulnerability Assessment: Key Security Terms You Should Know
Your introduction to vulnerability assessment doesn't have to be confusing – let's go over the key terms. When you're new to vulnerability assessment (VA) – or any other area of cybersecurity, for...
Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104)
Accellion recently released patches addressing four vulnerabilities in its File Transfer Appliance, a tool linked to a growing list of data breaches since December. Update February 22, 2021: The...
Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets
Your scheduled vulnerability scans may not catch short-lived cloud assets, creating opportunities for cybercriminals to exploit security gaps. The elastic nature of cloud environments allows cloud...
Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk
Building a precise inventory of existing assets across your attack surface is essential for effective vulnerability management. Here's how the asset detection process in Nessus scanners can help....
NUMBER:JACK: Nine Vulnerabilities Across Multiple Open Source TCP/IP Stacks
Nine new vulnerabilities have been identified across several TCP/IP stacks embedded in millions of OT, IoT and IT devices, spurring continued scrutiny of these already vulnerable asset types....
Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)
Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability...
CVE-2020-1472: Microsoft Finalizes Patch for Zerologon to Enable Enforcement Mode by Default
Zerologon has quickly become valuable to nation-state threat actors and ransomware gangs, making it imperative for organizations to apply these patches immediately if they have not yet done so....
When It Comes to Your Drinking Water, How Safe Is Your Operational Technology?
The recent intrusion of a Florida water-treatment plant highlights the need for strong protection of industrial control systems. Here's what you should consider.
