Tenable-Blog
How Tenable Research Discovered a Critical Remote Code Execution Vulnerability on Anthropic MCP Inspector
Tenable Network Security Podcast - Episode 26
<p>Welcome to the Tenable Network Security Podcast - Episode 26</p> <h3>Announcements</h3> <ul> <li>Two new blog posts have been released titled "<a href="http://blog.tenablesecurity.com/2010/03/value-of-credentialed-scanning.html">The Value Of Credentialed Vulnerability Scanning</a> and <a href=...
Tenable Network Security Podcast - Episode 23
Welcome to the Tenable Network Security Podcast - Episode 23 <h3>Announcements</h3> <ul> <li>Two new blog posts have been released titled "<a href="http://blog.tenablesecurity.com/2010/02/microsoft-patch-tuesday---february-2009---from-microsoft-with-love-edition.html">Microsoft Patch Tuesday...
Afterbites with Marcus Ranum: Gartner & Two-Factor Authentication
<p>Afterbites is a blog segment in which Marcus Ranum provides more in-depth coverage and analysis of the SANS NewsBites newsletter. This week Marcus will be commenting on the following article:</p> <p><strong>Gartner Report Says Two-Factor Authentication Isn't Enough</strong><br /> (December 14,...
Tenable Network Security Podcast - Episode 7
<p>Welcome to the Tenable Network Security Podcast - Episode 7</p> <h3>Announcements</h3> <ul><li>New blog post going up today on the experiences at Cyberdawn, a cyber exercise that puts hackers against defenders in a realistic environment.</li> <li>Attention Security Center customers! A new ver...
Logs of Our Fathers
<p>At USENIX in Anaheim, back in 2005, George Dyson treated us to a fantastic keynote speech about the early history of computing. You can catch a videotaped reprise of it <a href="http://www.ted.com/talks/lang/eng/george_dyson_at_the_birth_of_the_computer.html" target="_blank">here, on the TED site...
Event Analysis Training – “Could you look at some odd IRC Connections?”
<p>At one of the research sites that we monitor, an analyst noted that a few servers were consistently making a large number of IRC connections. These connections occurred in a periodic manner and appeared to be automated. This blog entry describes the various steps taken in analyzing the connection...
Auditing PHP Settings to OWASP Recommendations with Nessus
<p>Tenable recently released an audit policy for Linux servers running PHP which tests for hardening recommendations from the Open Web Application Security Project (<a href="http://www.owasp.org/index.php/Main_Page">OWASP</a>). OWASP maintains a set of guidelines for hardening web servers, with spec...
ShmooCon 2009 - Playing Poker for Charity
Tenable sponsored a booth at this year's ShmooCon and ran a Texas Hold'em table to help raise money for the Hackers for Charity organization. We raised close to $400 from conference attendees and scheduled "guest" players such as Paul Asadoorian from PaulDot.Com, Simple Nomad from ...
DOJOSEC - Compliance Presentation
The next DOJOSEC is this week. I've been invited to speak about the latest compliance trends in PCI and FDCC. Also presenting will be Shaf Ramsey of TechGaurd Security and Dale Beauchamp of the Transportation Security Administration. Mr. Ramsey will discuss the future of virtual worlds such as HIPIH...