Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
August 25, 2021
Three critical SSL VPN vulnerabilities have become some of the most exploited by advanced persistent threat actors and ransomware groups. To effectively prioritize remediation efforts, defenders must...
One Year Later: What Can We Learn from Zerologon?
August 11, 2021
In a year of headline-making vulnerabilities and incidents, Zerologon (CVE-2020-1472) stands out due to its widespread adoption by threat actors and its checkered disclosure timeline. In our Threat L...
Zero Day Vulnerabilities in Industrial Control Systems Highlight the Challenges of Securing Critical Infrastructure
July 13, 2021
The disclosure of zero day vulnerabilities in several Schneider Electric industrial control systems highlights the need to revamp cybersecurity practices in operational technology environments. ...
Dealing with the Attack Surface Beyond Vulnerabilities
July 12, 2021
A good understanding of the attack surface is of prime importance in measuring and prioritizing risk. Here's how Tenable's data can allow security professionals to have a more realistic view of their ...
Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos
June 24, 2021
Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads a...
Microsoft Teams: Vulnerability in Microsoft Power Apps Service Allows Theft of Emails, Files and More
June 14, 2021
A flaw in Microsoft Power Apps could allow attackers to steal emails, Teams messages and OneDrive files. Background Microsoft recently patched a vulnerability in Microsoft Teams, a business communic...
Identifying Prototype Pollution Vulnerabilities: How Tenable.io Web Application Scanning Can Help
May 25, 2021
Prototype pollution vulnerabilities are complex issues which can put your web applications and users at serious risk. Learn how these flaws arise and how Tenable.io Web Application Scanning can help. ...
The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk
May 17, 2021
Tenable's Security Response Team examines some of the most common Active Directory misconfigurations targeted by attackers and offers proactive measures to help cyber defenders disrupt attack paths. ...
Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum and Dogecoin Crypto Giveaways
May 13, 2021
In the run-up to Elon Musk hosting NBC’s Saturday Night Live and the potential mention of Dogecoin on the show, scammers quickly capitalized on his appearance by promoting fake giveaways on Twitter an...
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
March 10, 2021
Ransomware is the root cause in a majority of the healthcare breaches analyzed. As the ongoing COVID-19 pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers...
Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk
February 16, 2021
Building a precise inventory of existing assets across your attack surface is essential for effective vulnerability management. Here's how the asset detection process in Nessus scanners can help. Com...
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
January 21, 2021
With the rise of daisy-chained cyberattacks, security teams must consider the contextual risk of each vulnerability, including its potential to be leveraged in a full system compromise.