The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most
January 19, 2022: A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond.
YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious Products Scams for Views and Subscribers
January 12, 2022: As Google's TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow.
Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live
November 23, 2021: Scammers are leveraging compromised YouTube accounts to promote fake cryptocurrency giveaways for Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu and other cryptocurrencies.
Identifying Server Side Request Forgery: How Tenable.io Web Application Scanning Can Help
November 18, 2021: Learn how SSRF flaws arise, why three common attack paths are so challenging to mitigate and how Tenable.io Web Application Scanning can help.
Examining the Treat Landscape
October 29, 2021: Are you leaving treats on the table for attackers? Understand the current treat landscape and how to reduce your exposure.
TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money
October 22, 2021: Stolen video footage of celebrities, content creators and others is being used by scammers in TikTok LIVE streams to earn TikTok gifts, peddle questionable products and drive users to adult dating websites.
How to Use Tenable.io WAS to Find and Fix Sensitive Information Exposure in Microsoft Power Apps
September 30, 2021: Researchers identified a configuration issue in Microsoft Power Apps portals that exposed millions of records for nearly 50 organizations. Learn how you can use Tenable.io Web App Scanning to identify...
Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
August 25, 2021: Three critical SSL VPN vulnerabilities have become some of the most exploited by advanced persistent threat actors and ransomware groups. To effectively prioritize remediation efforts, defenders must...
One Year Later: What Can We Learn from Zerologon?
August 11, 2021: In a year of headline-making vulnerabilities and incidents, Zerologon (CVE-2020-1472) stands out due to its widespread adoption by threat actors and its checkered disclosure timeline. In our Threat L...
Zero Day Vulnerabilities in Industrial Control Systems Highlight the Challenges of Securing Critical Infrastructure
July 13, 2021: The disclosure of zero day vulnerabilities in several Schneider Electric industrial control systems highlights the need to revamp cybersecurity practices in operational technology environments. ...
Dealing with the Attack Surface Beyond Vulnerabilities
July 12, 2021: A good understanding of the attack surface is of prime importance in measuring and prioritizing risk. Here's how Tenable's data can allow security professionals to have a more realistic view of their ...
Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos
June 24, 2021: Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads a...