Media room

Interview with Liat Hayun discussing how cloud apps and AI tools create potentially harmful gaps in a company’s security infrastructure.

Steve Vintz, Tenable Co-CEO and CFO, was interviewed on CNBC Worldwide Exchange about Tenable’s most recent earnings results, his outlook for cyber spending in 2025 and how the acquisition of Vulcan Cyber will accelerate Tenable’s dominance in the growing exposure management market. Vintz also comments on how public sector spending may be impacted by DOGE and potential trade wars. 
 

Tenable plans to purchase an exposure management startup led by a former Israeli intelligence officer to more effectively integrate telemetry data from third-party security products.

The Baltimore, Maryland-based vendor said its proposed $150 million acquisition of Tel Aviv, Israel-based Vulcan Cyber will help CISOs gain a unified view of risk through its more than 100 third-party integrations across endpoint security, cloud security and threat intelligence, according to co-CEO and COO Mark Thurmond. He said Vulcan's reputation in performance, scalability and integrations made them an appealing target. 

Ninety-one percent of almost 30,000 internet-exposed Microsoft Exchange Server instances impacted by the ProxyLogon flaw leveraged by Chinese state-backed threat operation Salt Typhoon continue to be vulnerable to attacks involving the bug, tracked as CVE-2021-26855, nearly four years after it was patched according to Tenable Research. 

One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years - yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched.

According to cyber-risk management firm Tenable, 91 percent of the nearly 30,000 openly reachable instances of Exchange vulnerable to CVE-2021-26855, aka ProxyLogon, have not been updated to close the hole.

SonicWall released a hotfix for a critical pre-authentication remote code execution vulnerability in Secure Mobile Access 1000 products amidst reports of zero-day exploitation.
 

While information is currently limited, Scott Caveza, staff research engineer at Tenable, told Informa TechTarget that SonicWall's security advisory implies that the vulnerability was potentially exploited in the wild. Tenable cannot confirm the activity, but it is monitoring the situation for further developments, he added.

"Microsoft's Threat Intelligence Center reported the issue to SonicWall, which suggests there have been observations of exploitation," Caveza said in an email. "Despite the uncertainty around exploitation, threat actors have targeted SonicWall devices in the past and several SonicWall vulnerabilities have been featured on the Known Exploited Vulnerabilities (KEV) catalog from the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Patching of impacted SonicWall devices should take priority to ensure this threat is mitigated as soon as possible."