Threat Modeling: What You Need to Know About Prioritizing Attacks and Vulnerabilities
June 19, 2019 - Threat modeling gives vulnerability management teams a good understanding of how attacks work, enabling them to focus prioritization efforts around the bugs most likely to affect their environment. T...
SACK Panic: Linux and FreeBSD Kernels Vulnerable to Remote Denial of Service Vulnerabilities (CVE-2019-11477)
June 18, 2019 - Researchers at Netflix have disclosed new remote denial of service and resource consumption vulnerabilities in most Linux and FreeBSD versions. Background On June 17, Netflix published an advisory t...
Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management
May 22, 2019 - We wondered whether mainstream media coverage of vulnerabilities changed how companies perform vulnerability management. So we asked them. Here’s what we learned. In technical circles, vulnerabilitie...
Slack Patches Download Hijack Vulnerability in Windows Desktop App
May 17, 2019 - Tenable Researcher David Wells discovered a vulnerability in Slack Desktop for Windows that could have allowed an attacker to alter where files downloaded within Slack are stored. Tenable worked with ...
Multiple Vulnerabilities Found in Presentation Products
April 30, 2019 - Tenable Research has discovered multiple vulnerabilities impacting Crestron’s AM-100 presentation device platform. Two of these also impact several other platforms, including: Barco wePresent, ExtronS...
Critical OS Command Injection Vulnerability in Citrix SD-WAN Center Discovered
April 11, 2019 - Tenable Research has discovered a critical vulnerability in Citrix SD-WAN Center that could lead to remote code execution. Background On April 10, Citrix released a security bulletin for CVE-20...
Verizon Fios Quantum Gateway Routers Patched for Multiple Vulnerabilities
April 9, 2019 - Tenable Research discovered multiple vulnerabilities in Verizon’s Fios Quantum Gateway routers. Background Tenable Research has discovered multiple vulnerabilities in the Verizon Fios Quantum Gatewa...
Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
February 27, 2019 - Tenable Research has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers that can provide an attacker with telnet access, DoS the target, or run arbitrary code. Background...
Remote Code Execution in InduSoft Web Studio
February 6, 2019 - Enterprises running InduSoft Web Studio should update their software and ensure these critical systems are not exposed to the internet. Tenable Research has discovered an unauthenticated remote code ...
Multiple Vulnerabilities Found in LabKey Server Community Edition
January 24, 2019 - Tenable Research has discovered multiple vulnerabilities including cross-site scripting, open redirects and drive mapping in LabKey Server Community Edition 18.2-60106.64. LabKey has released patches....
Multiple Zero-Days in PremiSys IDenticard Access Control System
January 14, 2019 - Tenable Research discovered multiple zero-day vulnerabilities in the PremiSys access control system developed by IDenticard. As of January 9, IDenticard has not released a patch for these vulnerabilit...
Privilege Escalation Flaw Discovered in the Cisco Adaptive Security Appliance
December 19, 2018 - Tenable has discovered a privilege escalation flaw in the Cisco Adaptive Security Appliance that allows low-level users to run higher-level commands when certain configuration settings are set. Wha...