Tenable Blog

A remote code execution bug in the Chinese open source framework ThinkPHP is being actively used by threat actors to implant a variety of malware, primarily targeting Internet of Things (IoT) devices.

We see a lot of confusion and misinformation in the market when it comes to understanding active technologies for OT. Here’s what you need to know.

“Active” is a big buzzword in industrial cybersecurity these days. But what is it? How does it work? Is it safe? Do you even need it?

In today's edition of Tenable's State and Local Government Video Blog Series, we discuss how IRS 1075 (FTI) and CJIS Security compliance can help organizations reduce cost, create resource efficiencies and improve your ability to close the cyber exposure gap.

Most state and local governments and organizations face a constantly changing compliance landscape, and often must adhere to multiple regulatory compliance standards, each with their own set of requirements for handling sensitive information.

Tenable Research has discovered multiple vulnerabilities including cross site scripting, open redirects and drive mapping in LabKey Server Community Edition 18.2-60106.64. Labkey has released patches.

Publicly released and newly named “PrivExchange” proof-of-concept (POC) privilege escalation code exploits protocol flaws and default configurations to give standard Exchange users Domain Administrator access.