Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
February 27, 2019 - Tenable Research has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers that can provide an attacker with telnet access, DoS the target, or run arbitrary code. Background...
Remote Code Execution in InduSoft Web Studio
February 6, 2019 - Enterprises running InduSoft Web Studio should update their software and ensure these critical systems are not exposed to the internet. Tenable Research has discovered an unauthenticated remote code ...
Multiple Vulnerabilities Found in LabKey Server Community Edition
January 24, 2019 - Tenable Research has discovered multiple vulnerabilities including cross-site scripting, open redirects and drive mapping in LabKey Server Community Edition 18.2-60106.64. LabKey has released patches....
Multiple Zero-Days in PremiSys IDenticard Access Control System
January 14, 2019 - Tenable Research discovered multiple zero-day vulnerabilities in the PremiSys access control system developed by IDenticard. As of January 9, IDenticard has not released a patch for these vulnerabilit...
Privilege Escalation Flaw Discovered in the Cisco Adaptive Security Appliance
December 19, 2018 - Tenable has discovered a privilege escalation flaw in the Cisco Adaptive Security Appliance that allows low-level users to run higher-level commands when certain configuration settings are set. Wha...
Securing Medical Records: Exploring US Certification Standards
December 12, 2018 - Tenable Research investigates compliance standards for EHR applications in the US healthcare industry and discusses possible gaps in the coverage of these standards. Real world examples are provided t...
Uncovering the Business Costs of Cyber Risk: Ponemon Study
December 12, 2018 - Study finds organizations are not accurately measuring the business costs of cyber risk, and are unable to quantify the damage cyber attacks could have on their businesses, leaving them without the cr...
Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)
November 29, 2018 - Tenable Researcher David Wells discovered a vulnerability in Zoom’s Desktop Conferencing Application that allows an attacker to hijack screen controls, spoof chat messages or kick and lock attendees out of meetings. Zoom has released updates for macOS, Windows and Linux.
Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon Quantum PLC
November 27, 2018 - Tenable Research discovered multiple vulnerabilities in Schneider’s Modicon Quantum programmable logic controller. Schneider has recommended mitigations for impacted end users. Background While exam...
5W1H: Speculative Side Channel Vulnerabilities De-mystified
November 15, 2018 - The classes of vulnerabilities that brought us Meltdown and Spectre are not going away anytime soon. Here’s what you need to know about Speculative Execution vulnerabilities, with our guidance on step...
Vulnerability Intelligence Report: A Threat-Centric Approach To Prioritization
November 7, 2018 - Tenable Research set out to provide organizations with the real-world data they need to take a threat-centric approach to vulnerability management. Insight into the true state of cyber exposure - how...
Three Vulnerability Intelligence Insights Worth Your Attention
November 7, 2018 - The Vulnerability Intelligence Report, released today by Tenable Research, provides an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in en...