Tenable Blog

Proactively querying your industrial assets, through their native protocols, drastically improves the speed at which organizations can detect and mitigate cyber threats.

It sounds obvious and has been said before, but without clear visibility into your industrial control system (ICS) assets and network activity, it's impossible to detect and mitigate threats in a timely manner. So, what's the most effective approach for understanding what's happening in your ICS environment at any given time?

In today’s changing threat landscape, protecting your organization and its data from modern attacks is critical. Many organizations rely on Tenable® for their vulnerability management and Cyber Exposure needs. As such, we take our responsibility seriously and are committed to providing you with industry-leading solutions and support to help you minimize cyber risk.

Tenable Research has just released a report on the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed.

The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) and Microsoft, the new variants affect everything from desktops, laptops and mobile devices to infrastructure-as-a-service. These flaws are present in nearly all modern microprocessors and could allow an attacker to steal sensitive information by accessing privileged memory as a result of abusing a feature called speculative execution.

On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerability was discovered by Google engineer Felix Wilhelm. The proof of concept for the command injection vulnerability CVE-2018-1111 is so simple that it fits into a single tweet.