Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices

Amazon Web Services (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Here are five solutions you can use to evaluate the security of data stored in your S3 buckets. For business professionals, the public cloud is a smorgasbord of micro-service offerings which provide rapid delivery of hardware and software solutions. For security and IT … [Read more...]

Underminer Exploit Kit: How Tenable Can Help

The “Underminer” exploit kit is having widespread impact in Asian countries, particularly Japan. Thankfully, mitigation is relatively simple and involves patching and other well-known security best practices. Contrary to popular belief, the exploit kit is not dead yet. “Underminer,” an exploit kit named and discovered by Trend Micro, is having widespread impact in Asian countries, particularly … [Read more...]

July Vulnerability of the Month: Two Zero-Days Caught in Development

An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story. Novelty, sophistication or just plain weirdness are some of the potential criteria we use to select the Tenable vulnerability of the month. We collect nominations from our 70+ research team members, shortlist the finalists and give the entire team the chance to vote … [Read more...]

Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps

A new critical remote code execution vulnerability in AVEVA’s InduSoft Web Studio and InTouch Machine Edition can be exploited to compromise sensitive operational technology. AVEVA has released a patch and we advise urgent attention and response from affected end users. Tenable Research discovered a new critical remote code execution (RCE) vulnerability in AVEVA’s InduSoft Web Studio and InTouch … [Read more...]

Tenable Research: May Vulnerability Disclosure Roundup

Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable Research in May. You can access all Tenable Research … [Read more...]

June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highlight. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the total experience and knowledge of Tenable Research to … [Read more...]

May Vulnerability of the Month: Java Deserialization Everywhere

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the total experience and knowledge of Tenable Research to … [Read more...]

Tenable Research: April Vulnerability Disclosure Roundup

Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable Research in April. You can access all Tenable Research … [Read more...]

Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability

Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. The applications contain an overflow condition that is triggered when input is not properly validated. This allows an attacker to force a stack-based buffer overflow, resulting in denial of service or potentially allowing the execution of arbitrary … [Read more...]

April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the total experience and knowledge of Tenable Research to … [Read more...]