Tenable Blog

CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution

by Claire Tills on May 25, 2021

VMware has issued patches for a critical remote code execution vulnerability in vCenter Server. Organizations are strongly encouraged to apply patches as soon as possible.

Update June 2: The Identifying Affected Systems section has been updated to include audit checks for the workaround.

Update June 4: The Proof of Concept section has been updated to reflect the publication of exploit code and active scanning for vulnerable servers.

Identifying Prototype Pollution Vulnerabilities: How Tenable.io Web Application Scanning Can Help

by Rémy Marot on May 25, 2021

Prototype pollution vulnerabilities are complex issues which can put your web applications and users at serious risk. Learn how these flaws arise and how Tenable.io Web Application Scanning can help.

The Right Way to do Attack Surface Mapping

by Robert Hansen on May 21, 2021

The key to mapping out your attack surface accurately is to scan all of your organization's assets, develop an asset inventory list and find shadow IT.

Least Privilege Policy: Automated Analysis Trumps Native AWS Tools

by Lior Zatlavi on May 18, 2021

Here’s what you need to know about AWS methods for granting and controlling access, plus native tools for detecting and repairing excessive permissions.

The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk

by Team Tenable on May 17, 2021

Tenable's Security Response Team examines some of the most common Active Directory misconfigurations targeted by attackers and offers proactive measures to help cyber defenders disrupt attack paths.

Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum and Dogecoin Crypto Giveaways

by Satnam Narang on May 13, 2021

In the run up to Elon Musk hosting NBC’s Saturday Night Live and the potential mention of Dogecoin on the show, scammers quickly capitalized on his appearance by promoting fake giveaways on Twitter and YouTube.

Background

On May 8, Elon Musk hosted NBC’s Saturday Night Live. Musk, who is a known supporter of the cryptocurrency Dogecoin, teased the possibility that he might talk about the coin on the show, which led to much online speculation.

Passive DNS Is the Wrong Way To Do Attack Surface Mapping

by Robert Hansen on May 13, 2021

When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program.

These Are the Building Blocks of Effective Vulnerability Management

by Jeff Aboud on May 13, 2021

High-performing cybersecurity teams base their actions and investments on actual risk to the business — not theoretical scores or news headlines.

If you're like most cybersecurity professionals I talk to, you're likely buried with more vulnerabilities than you can possibly handle, so you can't keep up with your organization's policies and service-level agreements (SLAs). You also likely have blind spots across some of the most dynamic areas of your network, including cloud assets, operational technology (OT) and web apps, leaving them vulnerable to attack.

The Path to Zero Trust: Is it Time to Rethink What We're Calling a Vulnerability?

by Renaud Deraison on May 12, 2021

Reconsidering how we define "vulnerability" is more than a thought exercise. It could represent a sea change in how organizations manage risk.

For most of us in cybersecurity, the definition of "vulnerability" has always been fairly straightforward: "a flaw in code or design that creates a potential point of security compromise for an endpoint or network."

Microsoft’s May 2021 Patch Tuesday Addresses 55 CVEs (CVE-2021-31166)

by Tenable Security Response Team on May 11, 2021

After crossing the 100 CVEs patched mark for the first time in April, Microsoft patched just 55 CVEs in May, the lowest number of CVEs patched this year.

Tenable One Exposure Management Platform

Platform categories

Platform capabilities

Cloud Exposure

Vulnerability Exposure

OT/IoT Exposure

Identity Exposure

Business needs

Industries

Compliance

Public Sector

The Tenable difference

Compare Tenable to:

Resources

Research

Tenable Assure partners

Other partner opportunities

Support

Services

Tenable Trust

About us

Media

Connect

Join us

Tenable Blog

CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution

Identifying Prototype Pollution Vulnerabilities: How Tenable.io Web Application Scanning Can Help

The Right Way to do Attack Surface Mapping

Least Privilege Policy: Automated Analysis Trumps Native AWS Tools

The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk

Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum and Dogecoin Crypto Giveaways

Background

Passive DNS Is the Wrong Way To Do Attack Surface Mapping

These Are the Building Blocks of Effective Vulnerability Management

The Path to Zero Trust: Is it Time to Rethink What We're Calling a Vulnerability?

Microsoft’s May 2021 Patch Tuesday Addresses 55 CVEs (CVE-2021-31166)

Tenable Blog

Background

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank You

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Try Tenable Web App Scanning

Buy Tenable Web App Scanning

Thank you

Request a demo of Tenable Security Center

Request a demo of Tenable OT Security

Request a demo

Request a demo of Tenable Cloud Security

See Tenable One in action

See Tenable Attack Surface Management in action

Get a demo of Tenable Enclave Security

Thank You

Try Tenable Nessus Professional free

NEW - Tenable Nessus Expert now available

Buy Tenable Nessus Professional

Try Tenable Nessus Expert free

Buy Tenable Nessus Expert

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Get a demo of Tenable Patch Management

See
Tenable One
in action

NEW - Tenable Nessus Expert
now available