- CVE-2024-1709: Both ScreenConnect vulnerabilities have been exploited by ransomware groups including Black Basta annd the Bl00dy Ransomware Gang. Patch these flaws as soon as possible.
- CVE-2024-1708: Both ScreenConnect vulnerabilities have been exploited by ransomware groups including Black Basta annd the Bl00dy Ransomware Gang. Patch these flaws as soon as possible.
- CVE-2024-21726: While user interaction is required to exploit this flaw, using spray-and-pray attacks could lead to exploitation. We're monitoring for additional information.
- CVE-2023-6764: CVE-2023-6764 could lead to unauthorized remote code execution. However, an attacker would need detailed knowledge of the affected device's memory layout and config.
- CVE-2024-23479: With historical exploitation of a Solarwinds product (Solarwinds Orion), these critical vulnerabilities in Access Rights Manager are being monitored by Tenable Research
The Leader in Vulnerability and Exposure Research
Tenable Research is the source of all Tenable solutions. By providing exposure intelligence, security advisories and alerts, data science insights and zero-day research, Tenable helps organizations secure their modern attack surface.
Meet Tenable Research
Tenable Research develops detections for vulnerabilities and exposures across the modern attack surface supporting cloud, IT IoT, OT, web apps and identity assets. New detections are released within 24 hours of high profile issues.
Tenable Research creates compliance audits against published standards and baselines (e.g. CIS Benchmarks, DISA STIGs) and across more than 25 security frameworks (e.g. HIPAA, NIST 800-53).
The Security Response Team (SRT) tracks the threat and vulnerability landscapes to provide critical analysis and inform rapid detection coverage across Tenable solutions.
The team includes "white hat" researchers that analyze popular software platforms to proactively identify vulnerabilities and exposures to better protect customers.
Tenable Research monitors the threat landscape and builds new attack techniques in support of Tenable Attack Path Analysis to uncover all potential attack paths that could impact organizations.
Tenable Research develops asset identification and configuration audit plugins to identify operating systems, devices, applications and service identifications.
The Tenable Research Alliance Program is an intelligence sharing initiative among leading technology organizations to help protect customers before attackers become aware of exposures through formal vendor announcements.
Impact of Vulnerability Addition to CISA KEV
Amongst Tenable customers, vulnerabilities on the KEV list are remediated approximately 40% faster when compared to sample sets of CVEs that have a similar VPR distribution as those on the KEV.Review Tenable Plugins for CISA KEV
Tenable's researchers leverage 60 Billion+ data points across a diverse set of assets to help elevate the security posture of the ecosystem.Learn More
Explore Research Resources
Webinars and Reports
Tenable Research @ Medium
January 31, 2024
January 9, 2024
January 2, 2024
July 5, 2023
March 7, 2023
January 24, 2023
January 18, 2023
January 11, 2023