CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild
Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021. Background On February 4, Google published a stable channel...
CVE-2021-20016: Zero-Day Vulnerability in SonicWall Secure Mobile Access (SMA) Exploited in the Wild
SonicWall releases a patch after researchers confirm exploitation of a zero-day vulnerability in SonicWall Secure Mobile Access Background On January 22, SonicWall published a product notification...
Protecting Your Cloud Assets: Where Do You Start?
When securing dynamic cloud environments, the ability to continuously discover and assess cloud assets allows you to quickly detect issues as new vulnerabilities are disclosed and as your...
NERC CIP-008-6: How Power Grid Operators Can Improve Their Incident Reporting
The new NERC CIP-008-6 regulation challenges power grid operators to differentiate attempts to compromise their environment from other non-malicious cyber incidents. Here’s how Tenable can help.
Securing Classified Telework: 3 Principles for Protecting Sensitive Data
As pandemic restrictions linger, federal agencies are preparing for a rise in classified telework. Here’s why a continued focus on cybersecurity fundamentals is imperative. The COVID-19 pandemic...
Cloud Security: Improve Cyber Hygiene with Resource Tagging
Adopting consistent tagging practices can help to quickly identify resources, ensure change control efforts, and reduce security risks within your cloud environments. Many organizations use the...
OT Incident Response: 4 Reasons Asset Inventory Is Key
Without a detailed view of the assets and vulnerabilities across your OT environment, security leaders face increased costs and delays when it comes to incident response efforts.
CVE-2020-6207: Proof of Concept Available for Missing Authentication Vulnerability in SAP Solution Manager
A researcher has published a proof-of-concept exploit script for a critical SAP vulnerability patched in March 2020 and attackers have begun probing for vulnerable SAP systems. Background On...
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
With the rise of daisy-chained cyberattacks, security teams must consider the contextual risk of each vulnerability, including its potential to be leveraged in a full system compromise.
Oracle January 2021 Critical Patch Update Includes Fixes for Five Critical WebLogic Flaws (CVE-2021-2109)
Oracle’s first Critical Patch Update of 2021 addressed 329 security updates across 25 product families, including five new critical flaws in Oracle WebLogic Server. Background On January 19, Oracle...
Ready to Test Your Hacking Skills? Join Tenable’s First CTF Competition!
Tenable launches new Capture the Flag event for the security community, running from February 18–22. Capture the Flag events are a tried and true way of testing your cybersecurity skills, practicing...
DNSpooq: Seven Vulnerabilities Identified in dnsmasq
Researchers identify seven vulnerabilities in popular Domain Name System software. Background On January 19, researchers from the JSOF Research lab disclosed seven vulnerabilities in dnsmasq, a...