Microsoft Teams: Vulnerability in Microsoft Power Apps Service Allows Theft of Emails, Files and More
June 14, 2021A flaw in Microsoft Power Apps could allow attackers to steal emails, Teams messages and OneDrive files. Background Microsoft recently patched a vulnerability in Microsoft Teams, a business communic...
Identifying Prototype Pollution Vulnerabilities: How Tenable.io Web Application Scanning Can Help
May 25, 2021Prototype pollution vulnerabilities are complex issues which can put your web applications and users at serious risk. Learn how these flaws arise and how Tenable.io Web Application Scanning can help. ...
The Top 5 Active Directory Misconfigurations Putting Your Organization at Risk
May 17, 2021Tenable's Security Response Team examines some of the most common Active Directory misconfigurations targeted by attackers and offers proactive measures to help cyber defenders disrupt attack paths.&n...
Elon Musk and SNL: Scammers Steal Over $10 Million in Fake Bitcoin, Ethereum and Dogecoin Crypto Giveaways
May 13, 2021In the run up to Elon Musk hosting NBC’s Saturday Night Live and the potential mention of Dogecoin on the show, scammers quickly capitalized on his appearance by promoting fake giveaways on Twitter an...
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
March 10, 2021Ransomware is the root cause in a majority of the healthcare breaches analyzed. As the ongoing COVID-19 pandemic continues to place unprecedented strain on global healthcare infrastructure, attackers...
Asset Detection with Nessus Scanners: The First Step In Assessing Cyber Risk
February 16, 2021Building a precise inventory of existing assets across your attack surface is essential for effective vulnerability management. Here's how the asset detection process in Nessus scanners can help. Com...
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
January 21, 2021With the rise of daisy-chained cyberattacks, security teams must consider the contextual risk of each vulnerability, including its potential to be leveraged in a full system compromise.
TL;DR: The Tenable Research 2020 Threat Landscape Retrospective
January 14, 2021Tenable’s Security Response Team takes a look back at the major vulnerability and cybersecurity news of 2020 to develop insight and guidance for defenders. Søren Kierkegaard, the Danish philosopher, ...
Microsoft’s January 2021 Patch Tuesday Addresses 83 CVEs
January 12, 2021In its first Patch Tuesday of 2021, Microsoft patched 83 CVEs including 10 critical vulnerabilities Microsoft patched 83 CVEs in the January 2021 Patch Tuesday release, including 10 CVEs rated as cri...
Microsoft’s December 2020 Patch Tuesday Addresses 58 CVEs including CVE-2020-25705 (SAD DNS)
December 8, 2020The final Patch Tuesday of 2020 includes fixes for 58 CVEs, including workaround details for a severe vulnerability in Windows DNS Resolver called SAD DNS. Microsoft patched 58 CVEs in the December 2...
COVID-19 Pandemic Data: As Attack Surface Expands, Software Vendors Improve Vulnerability Response Times
December 7, 2020Tenable’s Zero-Day Research team found encouraging trends in how quickly software vendors are responding to our private disclosures, as well as how they’re addressing critical and high-severity vulner...
Microsoft’s November 2020 Patch Tuesday Addresses 112 CVEs including CVE-2020-17087
November 10, 2020Microsoft addressed over 112 CVEs in its November release, including a zero-day vulnerability in the Windows kernel that was exploited in the wild as part of a targeted attack. Microsoft patched 112 ...