Tenable Blog
AbonnierenTenable Assure: Announcing the 2021 Global Partner Award Winners
Oracle April 2021 Critical Patch Update Addresses 257 CVEs including ‘Zerologon’ (CVE-2020-1472)
Oracle addresses over 250 CVEs in its second quarterly update of 2021 with 390 patches, including 34 critical updates. Background On April 20, Oracle released its Critical Patch Update (CPU) for Apri...
CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild
Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Background On April 20, Pulse Secure, which was acquired by...
NAME:WRECK: Nine DNS Vulnerabilities Found in Four Open Source TCP/IP Stacks
Nine new DNS-related vulnerabilities have been identified across TCP/IP stacks embedded in millions of devices. Background On April 13, 2021, researchers at Forescout and JSOF published a report calle...
Tenable and the Path to Zero Trust
The simplicity of the zero-trust concept belies the complexity of implementing it in most large organizations. Here are four factors to consider before you begin the journey. Zero trust, a cybersecuri...
CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483: Four Critical Microsoft Exchange Server Vulnerabilities Patched in April Patch Tuesday
One month after disclosing four zero-day vulnerabilities in Exchange Server, Microsoft addresses four additional vulnerabilities discovered by the National Security Agency (NSA). Background On April 1...
Microsoft’s April 2021 Patch Tuesday Addresses 108 CVEs (CVE-2021-28310)
Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange. 19Critical 8...
CVE-2018-13379, CVE-2019-5591, CVE-2020-12812: Fortinet Vulnerabilities Targeted by APT Actors
Threat actors and ransomware groups are actively targeting three legacy Fortinet vulnerabilities. Background On April 2, the Federal Bureau of Investigation (FBI) along with the Cybersecurity and Infr...
Busting 5 Common Myths About Vulnerability Assessment
Don't let misconceptions stand in your way – get the facts on five common myths about vulnerability assessment. The simple truth of vulnerability assessment is that it's not always an easy task to acc...
Improving Municipal Cybersecurity: Tenable Supports Security Partnership with the National League of Cities
Recognizing the “perfect storm” created by COVID-19 disruptions, the NLC partnered with trusted security leaders to develop a turnkey solution for cities and local governments. The National League of...
CVE-2021-21975, CVE-2021-21983: Chained Vulnerabilities in VMware vRealize Operations Could Lead to Unauthenticated Remote Code Execution
VMware has addressed a pair of vulnerabilities in vRealize Operations that, when chained together, could result in unauthenticated remote code execution in vulnerable servers. Background On March 30,...
Cyber Hygiene: 5 Advanced Tactics to Maximize Your Risk Reduction
In part two of our series on cyber hygiene, we look at why businesses may need to go beyond the basics of vulnerability scanning and antivirus protection to ensure comprehensive security for their net...
How to Identify Compromised Microsoft Exchange Server Assets Using Tenable
As organizations continue to respond to a flurry of attacks by HAFNIUM and other threat actors leveraging Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2...