Tenable
1565 Followers
About Us
Founded:
2002
Company Size:
501-1000 employees
Company Type:
Private
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deepl ...
Read more
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Upcoming Event
Tenable has no upcoming events
Past Events
2Gain Greater Insight into Operational Technology Environments
Award-winning Tenable® Industrial Security adds approximately 350 new operational technology (OT) asset detections and delivers interactive 2D topology mapping and 3D visualization.
Tenable Industrial Security provides safe, reliable asset discovery and vulnerability detection purpose-built for industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems. Based on Nessus Network Monitor, Tenable Industrial Security uses passive network monitoring designed fo ...
Save
Share
Like06/19/2018
3June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highlight. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the total experience and knowledge of Tenable Research to identify the vulnerability of the month.
Background
Electron is an open-source framework for developi ...
SaveShareLike06/15/2018
7Apple Code-Signing Flaw: Developers Beware
Okta’s Research and Exploitation team released details on June 12 about an issue with third-party code-signing validation using Apple’s APIs. The flaw, which dates back to 2005, makes it possible for attackers to make malicious code appear to be signed by Apple when, in fact, it is not. Multiple third-party applications are affected – particularly those which offer “whitelisting services” – because developers misinterpreted the code-signing API, leading to inc ...
SaveShareLike06/14/2018
11ICS/SCADA Smart Scanning: Discover and Assess IT-Based Systems in Converged IT/OT Environments
ICS/SCADA Smart Scanning discovers and thoroughly assesses IT-based systems in the converged IT/OT environment, while reducing the risk of disrupting OT devices.Increasingly, operational technology (OT) environments are interconnecting with IT and adopting exploitable IT-based assets and protocols. This means OT systems are exposed to IT threats. Additionally, IT/OT convergence is expanding the cyberattack surface. Threat actors who have compromised IT networks may be able to access OT systems f ...
SaveShareLike06/12/2018
9Should You Still Prioritize Exploit Kit Vulnerabilities?
One of the greatest challenges that enterprises face is prioritizing vulnerabilities for remediation. Trying to determine which vulnerabilities pose a true imminent risk deserving of immediate attention can feel like a game of Whac-A-Mole due to the sheer volume of critical vulnerabilities.
An analysis of CVE data by Tenable Reseach’s Lucas Tamagna-Darr shows the number of disclosed vulnerabilities has grown on average by 15 percent year-over-year – with more than 12,000 unique vulne ...
SaveShareLike06/11/2018
9Critical Cisco Secure Access Control System (ACS) Vulnerability
Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the network. The vulnerability allows external access to the Cisco ACS web interface, thereby allowing attackers to possibly gain unrestricted access to the internal network.
Analysis
An attacker who successfully exploits the ACS Report component of Cisco ACS could execute arbitrary commands on the aff ...
SaveShareLike06/08/2018
25Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability
The Adobe Flash Player is widely adopted and a choice target for attackers given its history with vulnerabilities and the potential footprint exploits can have. Adobe consistently provides security updates for critical vulnerabilities. However, CVE-2018-5002 is the second zero-day vulnerability in Adobe Flash Player this year (the earlier one being CVE-2018-4877). Today, Adobe released a security patch for this vulnerability, along with other critical updates. This vulnerability was independentl ...
SaveShareLike06/08/2018
10Subscription Auto-Renewal Program: New Options to Save You Time
On June 11, we’re rolling out a subscription auto-renewal program for customers who purchased through our eCommerce site after July 10, 2017.
We created the auto-renewal program with one goal in mind: to make doing business with us easier. Most of our customers renew their licenses each year, and we have heard from many of you that a manual renewal process is less than ideal. With auto-renewal, you no longer need to worry about when your product‘s subscription expires or take steps t ...
SaveShareLike06/07/2018
15Zip Slip Critical Archive Extraction Vulnerability
Security slipup with Zip SlipYesterday, the Snyk Security team released information about a widespread archive extraction vulnerability known as Zip Slip. Zip Slip allows cyberattackers to write arbitrary files on the system, potentially permitting remote command execution. Zip Slip is a combination of “arbitrary file overwrite” and “directory traversal” weaknesses. An attacker could unzip files outside the normal unzip path and overwrite sensitive files, including critic ...
SaveShareLike06/07/2018
10How to Secure Public Cloud and DevOps? Get Unified Visibility.
One of the most transformative changes in the IT industry over the last decade has been the adoption of public cloud (IaaS) services such as AWS, Azure and GCP.
Public clouds are more than “just” running servers in a remote data center. They’re all about using infrastructure as code. This means that the various building blocks they offer – storage services, virtual machines and containers – as well as the underlying network can all be modified via calls to the publi ...
SaveShareLike06/05/2018
Don\'t miss our Introduction to Tenable.IO. Two times tomorrow - 10am GMT for our EMEA audience and 2pm EST for North America. Copy this to your browser: https://www.tenable.com/webinars/introducing-tenable-io-emea? utm_promoter=tenable&utm_source=cybraryit&utm_medium=referral&utm_campaign=cybraryitchannel
SaveShareLikeCybrary On The Go
Get the Cybrary app for Android for online and offline viewing of our lessons.
Support Cybrary
Donate Here to Get This Month's Donor Badge
