Instagram Porn Bots Evolve Methods for Peddling Adult Dating Spam
July 25, 2019
Incentivized by affiliate programs, scammers are evolving how they utilize fake Instagram accounts to target users on the popular social media platform. As social networking services rose to prominen...
Tenable Research Discloses Critical Vulnerability in Siemens STEP 7 (CVE-2019-10915)
July 9, 2019
Tenable Research has discovered a critical vulnerability in Siemens TIA Portal (also referenced as STEP 7) that would allow an attacker to perform administrative actions. Siemens has released an updat...
How to Audit Microsoft Exchange 2013 and 2016 with CIS and DISA Guidance
July 1, 2019
Tenable Research Release Highlights are posted for significant new releases or updates to existing plugins or audit files that are important for early customer notification. Here, we discuss new audit...
Sudan Meal Project: Social Media Activism is Used to Amass Nearly 900,000 Followers on Instagram
June 24, 2019
Instagram accounts claiming to donate meals to Sudanese civilians are a ruse to gain followers in order to pivot to personal accounts or sell them for a profit. In the wake of the Sudan crisis t...
Threat Modeling: What You Need to Know About Prioritizing Attacks and Vulnerabilities
June 19, 2019
Threat modeling gives vulnerability management teams a good understanding of how attacks work, enabling them to focus prioritization efforts around the bugs most likely to affect their environment. T...
SACK Panic: Linux and FreeBSD Kernels Vulnerable to Remote Denial of Service Vulnerabilities (CVE-2019-11477)
June 18, 2019
Researchers at Netflix have disclosed new remote denial of service and resource consumption vulnerabilities in most Linux and FreeBSD versions. Background: On June 17, Netflix published an advisory t...
Stop the Presses: Media Coverage as a Prioritization Metric for Vulnerability Management
May 22, 2019
We wondered whether mainstream media coverage of vulnerabilities changed how companies perform vulnerability management. So we asked them. Here’s what we learned. In technical circles, vulnerabilitie...
Slack Patches Download Hijack Vulnerability in Windows Desktop App
May 17, 2019
Tenable Researcher David Wells discovered a vulnerability in Slack Desktop for Windows that could have allowed an attacker to alter where files downloaded within Slack are stored. Tenable worked with ...
Multiple Vulnerabilities Found in Presentation Products
April 30, 2019
Tenable Research has discovered multiple vulnerabilities impacting Crestron’s AM-100 presentation device platform. Two of these also impact several other platforms, including: Barco wePresent, ExtronS...
Critical OS Command Injection Vulnerability in Citrix SD-WAN Center Discovered
April 11, 2019
Tenable Research has discovered a critical vulnerability in Citrix SD-WAN Center that could lead to remote code execution. Background: On April 10, Citrix released a security bulletin for CVE-20...
Verizon Fios Quantum Gateway Routers Patched for Multiple Vulnerabilities
April 9, 2019
Tenable Research discovered multiple vulnerabilities in Verizon’s Fios Quantum Gateway routers. Background: Tenable Research has discovered multiple vulnerabilities in the Verizon Fios Quantum Gatewa...
Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers
February 27, 2019
Tenable Research has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers that can provide an attacker with telnet access, DoS the target, or run arbitrary code. Background...