Tenable Blog

It seems that in recent history, the SSL library continues to give security teams plenty of opportunities to interface with systems/application administrators and vendors to upgrade SSL in their environments. The latest vulnerability to impact SSL is CVE-2015-0204, known in the media as "FREAK," short for Factoring RSA EXPORT Keys. FREAK can facilitate a man-in-the-middle attack and force a browser to export a weak 512-bit key, which can be factored in just a few hours.

When talking with infosec professionals about gaining insight into how vulnerable their organisations are, I’ve noticed that many often reply with one simple statement: “We have N number of vulnerabilities.” Whilst it’s trivial to count the actual number of vulnerabilities using a vulnerability scanner, the measure by itself doesn’t give any accurate insight into how effective the assessment really is. Telling an organisation that they have 10,324 vulnerabilities, whilst shocking, doesn’t convey the actual risks faced.

The Payment Card Industry Security Standards Council (PCI SSC) released a special bulletin on February 13, 2015 announcing impending revisions to the Payment Card Industry Data Security Standard (PCI DSS) (Version 3.1 was published on April 15, 2015) as well as the Payment Application Data Security

The White House Summit on Cybersecurity and Consumer Protection is being held at Stanford University Friday February 13, 2015. The purpose of the summit is to bring technology leaders and cybersecurity advocates together to help the federal government craft the best initiatives on cybersecurity protection. The Summit will also foster public-private collaborations to improve information sharing.

The information security field is a challenging place these days. With new and increasing threats every day, staying ahead of risks can feel like treading water. There’s always a new vulnerability to address, a patch to apply, security tools to research and defenses to update. But being defensive is not a sound security plan; it’s imperative to be strategic and get ahead of attackers.