Leaky Amazon S3 Buckets: Challenges, Solutions and Best Practices

Amazon Web Services (AWS) S3 buckets have become a common source of data loss for public and private organizations alike. Here are five solutions you can use to evaluate the security of data stored in your S3 buckets. For business professionals, the public cloud is a smorgasbord of micro-service offerings ...
Underminer Exploit Kit: How Tenable Can Help

The “Underminer” exploit kit is having widespread impact in Asian countries, particularly Japan. Thankfully, mitigation is relatively simple and involves patching and other well-known security best practices. Contrary to popular belief, the exploit kit is not dead yet. “Underminer,” an exploit kit named and discovered by Trend Micro, is having ...
July Vulnerability of the Month: Two Zero-Days Caught in Development

An Adobe Reader double free vulnerability on Windows and macOS systems earns the nod for its interesting discovery and patch story. Novelty, sophistication or just plain weirdness are some of the potential criteria we use to select the Tenable vulnerability of the month. We collect nominations from our 70+ research ...
Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps

A new critical remote code execution vulnerability in AVEVA’s InduSoft Web Studio and InTouch Machine Edition can be exploited to compromise sensitive operational technology. AVEVA has released a patch and we advise urgent attention and response from affected end users. Tenable Research discovered a new critical remote code execution (RCE) ...
Tenable Research: May Vulnerability Disclosure Roundup

Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable ...
June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highlight. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the ...
May Vulnerability of the Month: Java Deserialization Everywhere

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining ...
Tenable Research: April Vulnerability Disclosure Roundup

Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable ...
Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability

Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. The applications contain an overflow condition that is triggered when input is not properly validated. This allows an attacker to force a stack-based buffer overflow, resulting in denial of service ...
April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability

Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining ...