Security News

Tenable: 26,500 Cyber Vulnerabilities Risk SE Asia’s Banks
2024-09-06 19:28

The internet-facing assets were found to be susceptible to potential exploitation in a sample of 90 banking and financial services organisations.

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation
2024-06-05 06:44

Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules. "We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.

Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks
2024-02-22 14:52

Nathan Wenzler, chief security strategist at cyber security firm Tenable, said state-sponsored threat actors typically infiltrate by stealth and spread. Wenzler said Australian organisations should treat them as seriously as other actors or face serious risk during a geopolitical conflict. The Australian Cyber Security Centre found total reports of cybercrime were up by 23% to 94,000 in the year to June 2023, attributing part of that increase to state-sponsored attacks against critical infrastructure.

Criminal IP and Tenable Partner for Swift Vulnerability Detection
2024-01-09 15:02

The key feature of this technical alliance lies in streamlining the essential data and information of IP addresses provided by the Criminal IP search engine to Tenable Vulnerability Management. Integrating Criminal IP with Tenable Vulnerability Management will equip users with the comprehensive feature of Criminal IP for detecting IP assets.

Microsoft hits back at Tenable criticism of its infosec practices
2023-08-07 05:40

Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable. On July 10, Tenable again contacted Microsoft to reports its findings on what it regarded as a dangerously incomplete fix.

Microsoft fixes flaw after being called irresponsible by Tenable CEO
2023-08-04 22:54

Microsoft fixed a security flaw in the Power Platform Custom Connectors feature that let unauthenticated attackers access cross-tenant applications and Azure customers' sensitive data after being called "Grossly irresponsible" by Tenable's CEO. The root cause of the issue stemmed from inadequate access control measures for Azure Function hosts launched by connectors within the Power Platform. "It should be noted that this is not exclusively an issue of information disclosure, as being able to access and interact with the unsecured Function hosts, and trigger behavior defined by custom connector code, could have further impact," says cybersecurity firm Tenable which discovered the flaw and reported it on March 30th. "However, because of the nature of the service, the impact would vary for each individual connector, and would be difficult to quantify without exhaustive testing."

Tenable launches an all-in-one, risk-based vulnerability management platform
2021-02-24 02:15

Ep, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change. Ep combines the company's products - Tenable.io Vulnerability Management, Tenable.io Web Application Scanning, Tenable.io Container Security and Tenable Lumin - into one platform, enabling customers to see all of their assets and vulnerabilities in a single dashboard alongside key threat, exploit and prioritization metrics.

Tenable acquires Alsid to provide users with a more complete approach to cyber preparedness
2021-02-11 00:00

Tenable announced that it has entered into a definitive agreement to acquire Alsid SAS. Alsid for Active Directory is a Software as a Service solution with an on-premises deployment option that monitors the security of Active Directory in real time. "We're impressed with the insights that Alsid brings to enterprise customers and look forward to working with the Alsid team to add this critical element to Cyber Exposure and risk management."

Coming in at number 5, it's a blast from the past! Tenable's 2020 security flaw chart show features hits of yesteryear
2021-01-14 18:37

Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report. While Zerologon was the company's number one insecurity for 2020, the hoary old Pulse Secure VPN vuln was number three, while flaws in Citrix and Fortinet connectivity platforms dating from 2019 and 2018 respectively were also up there.

Tenable Lumin updates enable orgs to predict which vulnerabilities pose the greatest business risk
2020-10-06 00:00

Tenable announced new Tenable Lumin innovations that empower customers to align business objectives with cybersecurity initiatives. The latest enhancements to the Cyber Exposure Management Platform enable organizations to predict which vulnerabilities pose the greatest business risk and act with confidence to effectively reduce risk across their modern, distributed environments.