Tenable Research, Author at Security Boulevard
Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices

Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices

|
Amazon Web Service (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Here are five solutions you can use to evaluate the security of data stored in your S3 buckets. For business professionals, the public cloud is a smorgasbord of micro-service offerings ... Read More
Underminer Exploit Kit: How Tenable Can Help

Underminer Exploit Kit: How Tenable Can Help

|
The “Underminer” exploit kit is having widespread impact in Asian countries, particularly Japan. Thankfully, mitigation is relatively simple and involves patching and other well-known security best practices. Contrary to popular belief, the exploit kit is not dead yet. “Underminer,” an exploit kit named and discovered by Trend Micro, is having ... Read More
July Vulnerability of the Month: Two Zero-Days Caught in Development

July Vulnerability of the Month: Two Zero-Days Caught in Development

|
An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story. Novelty, sophistication or just plain weirdness are some of the potential criteria we use to select the Tenable vulnerability of the month. We collect nominations from our 70+ research ... Read More
Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps

Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps

|
A new critical remote code execution vulnerability in AVEVA’s Indusoft Web Studio and InTouch Machine Edition can be exploited to compromise sensitive operational technology. AVEVA has released a patch and we advise urgent attention and response from affected end users. Tenable Research discovered a new critical remote code execution (RCE) ... Read More
Tenable Research: May Vulnerability Disclosure Roundup

Tenable Research: May Vulnerability Disclosure Roundup

|
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable ... Read More
June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?

June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?

|
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highlight. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the ... Read More
May Vulnerability of the Month: Java Deserialization Everywhere

May Vulnerability of the Month: Java Deserialization Everywhere

|
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining ... Read More
Tenable Research: April Vulnerability Disclosure Roundup

Tenable Research: April Vulnerability Disclosure Roundup

|
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable ... Read More
Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability

Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability

|
Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. The applications contain an overflow condition that is triggered when input is not properly validated. This allows an attacker to force a stack-based buffer overflow, resulting in denial of service ... Read More
April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability

April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability

|
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining ... Read More