Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps
July 18, 2018
A new critical remote code execution vulnerability in AVEVA’s Indusoft Web Studio and InTouch Machine Edition can be exploited to compromise sensitive operational technology. AVEVA has released ...
Compliance: What You Need to Know About Configuration Audit Variables
July 16, 2018
Whether assessing systems against your organization’s own security policy or industry benchmarks and standards, configuration auditing is critical to compliance. Security policies are defined vi...
CIS Adapts Critical Security Controls to Industrial Control Systems
June 29, 2018
The Center for Internet Security (CIS) recently updated its popular CIS Controls – formerly known as the SANS Top 20 – and published a companion CIS Controls Implementation Guide for Indus...
Is Your DevOps Secure?
June 27, 2018
DevOps has become a competitive advantage for many organizations. However, many of these processes are not secure and raise serious challenges for cybersecurity professionals. Here’s how Tenable can h...
Tenable Research: May Vulnerability Disclosure Roundup
June 26, 2018
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to ...
Cisco ASA Exploited in the Wild; FXOS, NX-OS Get High-Priority Patches
June 26, 2018
Cisco released a high-severity patch update for CVE-2018-0296 on June 22 which affects the Adaptive Security Appliance (ASA). There’s no time to waste in deploying this patch, as the company’...
June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?
June 15, 2018
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highli...
Apple Code-Signing Flaw: Developers Beware
June 13, 2018
Okta’s Research and Exploitation team released details on June 12 about an issue with third-party code-signing validation using Apple’s APIs. The flaw, which dates back to 2005, makes it p...
Critical Cisco Secure Access Control System (ACS) Vulnerability
June 8, 2018
Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the...
Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability
June 7, 2018
The Adobe Flash Player is widely adopted and a choice target for attackers given its history with vulnerabilities and the potential footprint exploits can have. Adobe consistently provides security up...
Zip Slip Critical Archive Extraction Vulnerability
June 6, 2018
Yesterday, the Snyk Security team released information about a widespread archive extraction vulnerability known as Zip Slip. Zip Slip allows cyberattackers to write arbitrary files on the system, pot...
Quantifying the Attacker’s First-Mover Advantage
May 24, 2018
Tenable Research has just released a report on the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed. For ...