Tenable Blog

[UPDATE] When we released this warning over a week ago, we suspected it might gain traction and become a bigger issue. As expected, Microsoft addressed this vulnerability on Patch Tuesday. Of the many items addressed in the patch, the most important fixes are around CVE-2018-8174. This CVE references a Windows VBScript engine remote code execution vulnerability – otherwise known as the Double Kill IE zero-day vulnerability.

In 2016, Tenable was the first Center for Internet Security (CIS) member to receive certification for the Amazon AWS Foundations benchmark. We’re pleased to announce that we’ve continued our leadership in orchestrating compliance for Amazon Web Services (AWS) environments by becoming the first and only vendor to obtain CIS certification for the AWS Three-tier Web Architecture benchmark.

Based on the recent surge of attacks on network devices by Russian state-sponsored cyber actors, the US-CERT has released Technical Alert (TA18-106A). As of now, targets are primarily government and private-sector organizations, critical infrastructure providers and the internet service providers (ISPs) that support U.S. infrastructure. Tenable has warned about such attacks before, including as recently as last week.

The concept of a smart city came of age in conjunction with another now ubiquitous term: digital transformation. Cities and counties rely heavily on their taxing authority to provide critical services such as public safety, public works and infrastructure maintenance. By using the latest IP-enabled technology, local jurisdictions, or smart cities, can improve the efficiency of service delivery, freeing up revenues to support additional – or enhanced – services to their residents.

Tenable Research recently audited an AXIS M3044-V network camera and learned that AXIS has introduced an application platform to their cameras.