CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild
October 29, 2020A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Upda...
AWS Identity Federation and Least Privilege – Friends or Foes?
October 7, 2020Learn how to address the challenges in basic and advanced implementations of AWS federation.
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
September 29, 2020Six vulnerabilities in a popular license management product put industrial control systems at risk for remote attacks. Background On September 8, researchers at Claroty published their detailed anal...
Understanding Cross-Origin Resource Sharing Vulnerabilities
September 11, 2020To avoid exposure to a variety of web application vulnerabilities, specific security considerations must be made when implementing Cross-Origin Resource SharingToday’s modern web applications rely hea...
Protect Applications and Data with Cloud Infrastructure Entitlements Management (CIEM)
August 3, 2020Breaking down the hype around cloud infrastructure entitlements management.
Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App
May 13, 2020The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills.As Cash ...
What Is VPR and How Is It Different from CVSS?
April 16, 2020This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR th...
CVE-2020-1938: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (CNVD-2020-10487)
February 21, 2020Several proof-of-concept exploit scripts for recently patched flaw in Apache Tomcat are now available.BackgroundOn February 20, China National Vulnerability Database (CNVD) published a security adviso...
Am I Smart or Just Lucky? Understanding Your Process Integrity Risk with Tenable Lumin
January 27, 2020Business system risk and process integrity risk are two essential metrics for a mature risk-based vulnerability management practice. With new assessment maturity scoring, Tenable Lumin now gives you i...
Cash App Scams: Giveaway Offers Ensnare Instagram Users, While YouTube Videos Promise Easy Money
October 24, 2019Cash App scammers are targeting users on Instagram and YouTube. Here’s what you need to know about their tactics — and how to avoid being conned.In part one of our two-part series on Cash App sca...
Tenable Lumin: Translating Vulnerability Management Into the Language of Business
October 1, 2019With Tenable Lumin, we’re giving customers a bridge between the language of vulnerability management and the language of business. In our work here at Tenable, we often hear from our CISO cus...
How To: Run Your First Vulnerability Scan with Nessus
August 22, 2019Get your Nessus vulnerability assessment tool up and running with these five easy steps.With Nessus, you can gain full visibility into your network by conducting a vulnerability assessment. Read on as...