Intro to the Tenable.io API

Leveraging Tenable.io featuresTenable.io is the world’s first Cyber Exposure platform, giving you complete visibility into your network and helping you to manage and measure your modern attack surface. All the powerful capabilities of Tenable.io Vulnerability Management are available in the Tenable.io API, a robust, well-documented tool for users of all experience levels. Tenable.io users can access the API via the publicly available web interface. Highly technical users can leverage the API using utilities like cURL or Postman to gather data in an automated fashion and get additional details that may not be readily available via the web UI. Using the Tenable.io API Using the Tenable.io API web UI allows you to leverage many of the API’s capabilities without having to be familiar with crafting API queries or using utilities like cURL or Postman. The key to leveraging the API UI that isn’t necessarily obvious is most requests require you to be authenticated. This is most easily accomplished by having two windows or tabs open: one with your authenticated Tenable.io session and one with the Tenable.io API. This lets the Tenable.io API use your authenticated session to perform the queries. If you...
Read more

Protecting Your Bluetooth Devices from BlueBorne

A new attack vector, codenamed BlueBorne, can potentially affect all devices with Bluetooth capabilities – ordinary computers, mobile phones, and IoT devices – literally billions of devices in the world today. Hackers can use this attack vector to leverage Bluetooth connections to completely take over targeted devices. BlueBorne spreads through the air, allowing it to bypass all security measures and potentially infect even “air-gapped” networks. The attack does not require the attacker’s device and the targeted device to be paired; in fact, the targeted device does not even need to be set on discoverable mode. The BlueBorne attack vector requires no user interaction, no connection to the internet, covers multiple OS versions, and does not require any special configuration other than Bluetooth being active on the targeted device. BlueBorne is completely undetected by the user and can be used for a large range of attacks, including remote code execution and man-in-the-middle attacks, ransomware, creating IoT botnets and more. Tenable Coverage CVE-2017-8628, CVE-2017-1000250 and CVE-2017-1000251 cover the vulnerabilities that allow the BlueBorne attack vector to succeed in Windows and Linux environments. Tenable has released following plugins to address those CVEs: Plugin ID Plugin Name CVE 103127 KB4038777: Windows 7 and Windows Server 2008 R2...
Read more